US Government Agencies Attacked By Russian Criminals

A number of US federal government agencies have been hacked by Russian ransomware criminals known as Clop, who have exploited a software vulnerability in a file-sharing program, MOVEit from a leading software firm Progress, which is widely used in the corporate sector.  

The US Cybersecurity and Infrastructure Security Agency (CISA) has said that several federal agencies have been hacked affecting their MOVEit applications, and they are working to understand impacts and ensure timely remediation. 

While we don’t yet know the full extent of the attack on U.S. government agencies, it’s clear that even now many organizations still need to plug holes in their software applications to avoid becoming the next victim. 

Aside from US government agencies, most of which have not been named, “several hundred” companies and organisations in the US have also been affected by the hacking spree, a senior CISA official has said. Johns Hopkins University in Baltimore and the university’s renowned health system said in a statement this week that “sensitive personal and financial information,” including health billing records may have been stolen in the hack.

Meanwhile, Georgia’s state-wide university system, which spans the 40,000-student University of Georgia along with over a dozen other state colleges and universities, confirmed it was investigating the “scope and severity” of the hack.

Federal authorities previously released a joint advisory noting that the file transfer software was vulnerable to attack. At the time, CISA and the FBI said the application was vulnerable to ransomware attacks in which data is locked or stolen and payment is demanded in return.

Amit Yoran, CEO of leading cybersecurity firm Tenable commented: "The Clop ransomware gang has focused on exploiting file transfer technologies for years and has had widespread success exploiting a known MOVEit flaw for weeks now.  

Cybercriminals and nation states alike feast on known vulnerabilities and sloppy hygiene practices that leave organizations unnecessarily at risk. Unrelenting focus on identifying issues, prioritizing them and remediating them makes a world of difference."

CNN:      Progress Software:      Reuters:      WEF:     DefenseOne:      ABC:     The Week

You Might Also Read: 

Ukraine Cyber Police Crack Hacker Group:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Analysing XeGroup’s Arsenal Of Cyberattack Methods
Five Biggest Dangers Of AI For The Upcoming Years »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Omerta

Omerta

Omerta is a global security technology and services company. We advise, consult, design, build, mitigate, protect, manage, provide and train to protect from increasing cyber threats.

Trust Guard

Trust Guard

Trust Guard services provide complete security for your website.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA) offer commercial insurance services including Cyber Liability insurance.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

Cyfirma

Cyfirma

CYFIRMA offers Cyber threat visibility and intelligence suite and services aimed at keeping your organization’s cybersecurity posture up-to-date.

Keyavi Data

Keyavi Data

With Keyavi’s evolutionary data protection technology, your data stays within the bounds of your control in perpetuity.

Censys

Censys

Our customers rely on Censys data to get the global visibility they need of their attack surfaces in order to proactively prevent nation-state attacks and emerging threats.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

BlockAPT

BlockAPT

BlockAPT, empowering you with an advanced, intelligent cyber defence platform. We protect our customers digital assets by unifying operational technologies against advanced persistent threats.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Bores Security Consultancy

Bores Security Consultancy

Bores Security Consultancy are an established family-run business delivering expertise in security and technology.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.

Clear Ridge Defense

Clear Ridge Defense

Clear Ridge was founded in April 2015 with the mission and vision to support Joint, Service Cyber Components, and commercial clients in specialized cyber support.

NST Cyber

NST Cyber

NST Cyber provides comprehensive Threat Exposure Management to Global banks and Forbes 2000 companies.