A massive global cyber attack exploiting a flaw in widely-used software has hit several US federal government agencies, according to a developing report.
The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed the agencies suffered the attack in a statement to CNN.
“CISA is providing support to several federal agencies that have experienced intrusions,” said Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity.
“We are working urgently to understand impacts and ensure timely remediation.”
As Reuters reported:
“CISA did not identify the agencies that were hit or say exactly how they had been affected. It did not immediately respond to requests seeking further comment. The FBI and National Security Agency also did not immediately respond to emails seeking details on the breaches.
The United States does not expect any “significant impact” from the breach, CISA Director Jen Easterly told MSNBC.”
Hacktivist groups, KillNet, Anonymous Sudan, and REvil, have already declared a cyber war on the West.
The hacker groups threatened to unleash a massive cyber onslaught on the European banking system within “48 hours” (the information was relevant as of yesterday), according to Russian online newspaper Lenta.ru
“Right now, we’re focused specifically on those federal agencies that may be impacted, and we’re working hand in hand with them to be able to mitigate that risk. We understand that there are businesses, though, around the world. It’s another ransomware actor known as Clop Ransomware, and they’re basically taking data and looking to extort it,” Easterly said.
As Fox News reported, the incident comes months after President Biden’s administration rolled out a new National Cybersecurity Strategy that aims to protect the nation’s critical infrastructure from “borderless” cyber threats.
As Reuters noted:
“MOVEit, made by Progress Software Corp (PRGS.O), is typically used by organizations to transfer files between their partners or customers. Progress shares fell 4%.
It could be used by a financial institution that requires their customers to upload their data to apply for a loan, John Hammond, a senior researcher at the security firm Huntress, said earlier this month.“
The online extortion group Cl0p, which has claimed credit for the MOVEit hack, has previously said it would not exploit any data taken from government agencies.
“IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA,” the group said in a statement on its website.
Do you remember what Klaus Schwab said?