**Russian Cyber-Extortion Gang Hacks U.S. Government Agencies and Corporations**
Several federal agencies, including the Department of Energy, fell victim to a cyber-extortion gang’s global hack. However, officials from the Department of Homeland Security have stated that the impact of the attack is not expected to be significant. Despite this, numerous victims from various sectors, ranging from industry to higher education, have already begun to experience serious consequences. In contrast to the prolonged and stealthy SolarWinds hacking campaign, this attack was swift and shallow, and it was promptly detected.
Not a Systemic Risk to National Security
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), assured the public that the campaign is largely opportunistic and does not pose a systemic risk to national security or the nation’s networks. She emphasized that the intrusions do not seem to be aimed at gaining broader access or stealing high-value information from targeted systems.
Limited Impact on the U.S. Military and Intelligence Community
The U.S. military and intelligence community have remained unscathed by the attack. The Energy Department confirmed that two of its entities were compromised, but no further details were provided. It is worth noting that this attack primarily targeted the file-transfer program MOVEit, which is commonly used by businesses to securely exchange files containing sensitive information, including financial and insurance data.
Victims and Exposed Personal Information
The list of known victims includes the Louisiana Office of Motor Vehicles, the Oregon Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots. Louisiana officials have stated that individuals with a driver’s license or vehicle registration in the state likely had their personal information exposed, including their name, address, Social Security number, and birthdate. They are advising Louisiana residents to freeze their credit as a precaution against identity theft. The Oregon Department of Transportation has also confirmed that the attackers accessed personal information, including sensitive data, of approximately 3.5 million people who hold identity cards or driver’s licenses issued by the state.
Cl0p Ransomware Syndicate’s Ultimatum
The Cl0p ransomware syndicate, responsible for the hack, gave their victims a deadline to negotiate a ransom or risk having stolen data leaked online. The syndicate, known as one of the world’s most active cybercrime organizations, claimed that it would delete stolen data from governments, cities, and police departments. Thus far, a few federal agencies have been affected, but the breach is not widespread. No federal agencies have received extortion demands, and the compromised federal agency’s data has not been leaked online by Cl0p. U.S. officials also noted that there is no evidence to suggest coordination between Cl0p and the Russian government.
Implications for MOVEit Users
Upon discovering the breach, the parent company of MOVEit’s U.S. maker, Progress Software, promptly informed their customers and issued a patch. However, cybersecurity researchers believe that sensitive data could have been quietly exfiltrated by the hackers before the breach was detected, potentially affecting hundreds of companies across the country. The number of vulnerable MOVEit servers detected by the cybersecurity firm SecurityScorecard exceeds 2,500. Among those servers, 200 were associated with government agencies, although further details on specific countries were not available.
Federal Response and Obligations of Victims
Federal officials encourage victims to report the incident, although many choose not to do so. The U.S. currently lacks a federal data breach law, resulting in varying disclosure practices across states. However, publicly traded corporations, healthcare providers, and critical infrastructure operators have regulatory obligations to disclose breaches.
History of Cl0p’s File-Transfer Exploits
Cl0p has a history of breaching file-transfer programs to gain unauthorized access to sensitive data for extortion purposes. Previous incidents involve the exploitation of GoAnywhere servers in early 2023, as well as Accellion File Transfer Application devices in 2020 and 2021.
Doubts About Cl0p Criminals’ Integrity
Cybersecurity experts caution against trusting the Cl0p criminals to honor their word. Incidents have been reported where data stolen by ransomware groups appeared on the dark web several months after victims paid ransoms.
In conclusion, the recent cyber-extortion attack by a Russian gang has affected various federal agencies and corporations, although the overall impact is not expected to pose a systemic risk to national security. However, numerous victims from different sectors have already experienced serious consequences due to the breach of the popular file-transfer program MOVEit. The extent of the stolen data and potential future leaks remains a concern. Victims are encouraged to come forward and report the incident.