US Government Agencies Attacked By Russian Criminals

Uploaded on 2023-06-19 in INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

A number of US federal government agencies have been hacked by Russian ransomware criminals known as Clop, who have exploited a software vulnerability in a file-sharing program, MOVEit from a leading software firm Progress, which is widely used in the corporate sector.  

The US Cybersecurity and Infrastructure Security Agency (CISA) has said that several federal agencies have been hacked affecting their MOVEit applications, and they are working to understand impacts and ensure timely remediation. 

While we don’t yet know the full extent of the attack on U.S. government agencies, it’s clear that even now many organizations still need to plug holes in their software applications to avoid becoming the next victim. 

Aside from US government agencies, most of which have not been named, “several hundred” companies and organisations in the US have also been affected by the hacking spree, a senior CISA official has said. Johns Hopkins University in Baltimore and the university’s renowned health system said in a statement this week that “sensitive personal and financial information,” including health billing records may have been stolen in the hack.

Meanwhile, Georgia’s state-wide university system, which spans the 40,000-student University of Georgia along with over a dozen other state colleges and universities, confirmed it was investigating the “scope and severity” of the hack.

Federal authorities previously released a joint advisory noting that the file transfer software was vulnerable to attack. At the time, CISA and the FBI said the application was vulnerable to ransomware attacks in which data is locked or stolen and payment is demanded in return.

Amit Yoran, CEO of leading cybersecurity firm Tenable commented: "The Clop ransomware gang has focused on exploiting file transfer technologies for years and has had widespread success exploiting a known MOVEit flaw for weeks now.  

Cybercriminals and nation states alike feast on known vulnerabilities and sloppy hygiene practices that leave organizations unnecessarily at risk. Unrelenting focus on identifying issues, prioritizing them and remediating them makes a world of difference."

CNN:      Progress Software:      Reuters:      WEF:     DefenseOne:      ABC:     The Week

You Might Also Read: 

Ukraine Cyber Police Crack Hacker Group:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Analysing XeGroup’s Arsenal Of Cyberattack Methods
Five Biggest Dangers Of AI For The Upcoming Years »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SolarWinds

SolarWinds

SolarWinds as a worldwide leader in solutions for network and IT service management, application performance, and managed services.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

YouWipe

YouWipe

Scandinavian Data Erasure Leader YouWipe is the number one choice of European Ministries, European Central Banks, Swiss Pharmaceuticals and Major Electronics Retail Chains.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Guidehouse

Guidehouse

Guidehouse is a leading global provider of consulting services to the public and commercial markets with broad capabilities in management, technology, and risk consulting.

Auvik Networks

Auvik Networks

Auvik is easy-to-use cloud-based networking management and monitoring software - true network visibility and control without the hassle.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

NextGen Cyber Talent

NextGen Cyber Talent

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

Frontier Technology Inc. (FTI)

Frontier Technology Inc. (FTI)

Frontier Technology Inc provides the technology and deep data expertise to drive the best defense and intelligence solutions.

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe

Cyber Nations

Cyber Nations

Cyber Nations is a global program designed to engage 100,000 African, Caribbean and Canadian learners to be trained in cybersecurity with a path to employment.