Department reports data compromise as Russian-linked hackers exploit security flaw.
A global hacking campaign targeted US energy department and government agencies. The breach exploited a vulnerability in popular file-transfer software. Data was compromised at two entities within the energy department, attributed to a Russia-linked criminal gang. British energy giant Shell, the University System of Georgia, Johns Hopkins University, and Johns Hopkins Health System also reported being affected.
The growing list of hacking victims includes US and international entities that were targeted through MoveIt software. Previous victims include Louisiana’s Office of Motor Vehicles, Oregon’s transport department, the Nova Scotia provincial government, British Airways, the BBC, and the UK drugstore chain Boots.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (Cisa), informed reporters that this recent hacking campaign differed from the meticulous and stealthy SolarWinds attack, attributed to Russian intelligence agents. The current campaign was shorter, less sophisticated, and quickly detected.
According to Easterly, industry partners have indicated that these intrusions were not used to gain extensive access, establish persistence in targeted systems, or steal highly valuable information. Overall, the attack appears to be largely opportunistic.
While addressing the concerns, the director of Cisa emphasized that the current hacking campaign, although worrisome, does not pose a systemic risk to national security or the nation’s networks, unlike the SolarWinds incident.
A senior official from Cisa confirmed that neither the US military nor the intelligence community was impacted by the attack. The energy department spokesperson, Chad Smith, acknowledged that two agency entities were compromised but refrained from providing further specifics.
Louisiana officials revealed that individuals holding a driver’s license or vehicle registration in the state likely had their personal information exposed. This included sensitive details such as name, address, social security number, and birthdate. They advised Louisiana residents to protect themselves against identity theft by freezing their credit.
On Thursday, the Oregon transport department verified that personal information, including sensitive details, of approximately 3.5 million individuals who received identity cards or driver’s licenses from the state was accessed by the attackers.
The hack was attributed to Cl0p, a ransomware syndicate linked to Russia. In a recent announcement on their dark web site, Cl0p indicated that their victims, potentially numbering in the hundreds, had until Wednesday to initiate ransom negotiations. Otherwise, the ransomware operators threatened to publicly release the stolen sensitive data.
The cybercrime syndicate responsible for the attack is recognized as one of the world’s most prolific. They stated their intention to delete any data they obtained from governments, cities, and police departments.
US officials have clarified that they currently lack evidence indicating coordination between Cl0p and the Russian government.
MoveIt Transfer, a widely used tool for sharing sensitive information, became the target of hackers who exploited a security vulnerability. The software’s developer, Progress Software, identified the flaw at the end of last month and promptly released a patch. A MoveIt spokesperson confirmed the company’s collaboration with federal law enforcement and its efforts to help customers apply the necessary fixes to their systems.
However, cybersecurity researchers warn that numerous companies may have already experienced silent exfiltration of sensitive data. The senior Cisa official cited industry estimates suggesting several hundred victims across the country.