US Government Agencies Attacked By Russian Criminals

A number of US federal government agencies have been hacked by Russian ransomware criminals known as Clop, who have exploited a software vulnerability in a file-sharing program, MOVEit from a leading software firm Progress, which is widely used in the corporate sector.  

The US Cybersecurity and Infrastructure Security Agency (CISA) has said that several federal agencies have been hacked affecting their MOVEit applications, and they are working to understand impacts and ensure timely remediation. 

While we don’t yet know the full extent of the attack on U.S. government agencies, it’s clear that even now many organizations still need to plug holes in their software applications to avoid becoming the next victim. 

Aside from US government agencies, most of which have not been named, “several hundred” companies and organisations in the US have also been affected by the hacking spree, a senior CISA official has said. Johns Hopkins University in Baltimore and the university’s renowned health system said in a statement this week that “sensitive personal and financial information,” including health billing records may have been stolen in the hack.

Meanwhile, Georgia’s state-wide university system, which spans the 40,000-student University of Georgia along with over a dozen other state colleges and universities, confirmed it was investigating the “scope and severity” of the hack.

Federal authorities previously released a joint advisory noting that the file transfer software was vulnerable to attack. At the time, CISA and the FBI said the application was vulnerable to ransomware attacks in which data is locked or stolen and payment is demanded in return.

Amit Yoran, CEO of leading cybersecurity firm Tenable commented: "The Clop ransomware gang has focused on exploiting file transfer technologies for years and has had widespread success exploiting a known MOVEit flaw for weeks now.  

Cybercriminals and nation states alike feast on known vulnerabilities and sloppy hygiene practices that leave organizations unnecessarily at risk. Unrelenting focus on identifying issues, prioritizing them and remediating them makes a world of difference."

CNN:      Progress Software:      Reuters:      WEF:     DefenseOne:      ABC:     The Week

You Might Also Read: 

Ukraine Cyber Police Crack Hacker Group:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Analysing XeGroup’s Arsenal Of Cyberattack Methods
Five Biggest Dangers Of AI For The Upcoming Years »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

Fairfirst Insurance

Fairfirst Insurance

Fairfirst Cyber Insurance protects your business assets against the complexity of cyber threats.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Larsen & Toubro Infotech (LTI)

Larsen & Toubro Infotech (LTI)

LTI is a global technology consulting and digital solutions company with operations in 33 countries.

Vircom

Vircom

With a large majority of cyber attacks starting with email, Vircom provides protection against the worst email security threats to your business.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Custom Computer Specialist (CCS)

Custom Computer Specialist (CCS)

CCS offers an extensive range of services including cybersecurity solutions, consulting, implementation, and support to help our clients maximize the value derived from IT investments.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.