Federal Agencies Hacked, Clop Ransomware Gang Possible Culprit

Several U.S. government agencies have been hacked via a MOVEit Transfer software vulnerability. The hacks are part of a larger cyberattack.

According to CNN, the U.S. Cybersecurity and infrastructure Security Agency (CISA) is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications.

Eric Goldstein, the agency’s executive assistant director for cybersecurity, told CNN that “we are working urgently to understand impacts and ensure timely remediation.”

Active Exploitation Attempts Discovered

Earlier this month, Huntress discovered active exploitation attempts against MOVEit Transfer. MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of Progress Software, that allows enterprises to securely transfer files between business partners and customers.

Last week, CISA and the FBI published a joint advisory about the Clop ransomware gang exploiting the MOVEit vulnerability to steal files stored on the server. It hasn’t been confirmed whether Clop is behind the attacks on federal agencies.

According to ReliaQuest, Clop has named 14 new organizations as its victims, bringing the total number to 27. Of the newly named organizations, 11 are from the United States and three are from Europe. The organizations listed are predominantly operating in financial services, followed by health care, pharmaceuticals and technology. The list of company names has been published on Clop’s dark-web data-leak site, although the group has removed one name. As of this update, ReliaQuest is not aware of any leaked data.

See our slideshow above for the full story on the attacks on federal agencies.