Monday, October 30, 2023

Russian-Speaking Hacking Group Hacks U.S. Federal Systems, Gains Access to Over 600,000 Emails from Departments of Defense and Justice in Massive Cyber Attack


A Russian-speaking hacking group has reportedly gained unauthorized access to the email addresses of approximately 632,000 U.S. federal employees. The affected departments include the Department of Defense and the Department of Justice.

This alarming revelation comes from a report by the U.S. Office of Personnel Management (OPM), which was obtained through a Freedom of Information Act request, Bloomberg reported.

The affected employees were spread across various branches of the DoD, including the Air Force, Army, U.S. Army Corps of Engineers, the Office of the Secretary of Defense, the Joint Staff, and Defense Agencies and Field Activities. The DoJ was also compromised, although the specifics remain undisclosed.

The cyberattack, which took place on May 28 and May 29, was labeled a “major incident” by the Office of Personnel Management, as reported by Bloomberg. However, the agency also asserted that the data compromised in the attack was largely “of low sensitivity” and did not include classified information.

The hackers exploited a vulnerability in MOVEit, a popular file-transfer tool used by federal agencies. Westat Inc., a vendor that OPM uses to administer Federal Employee Viewpoint Surveys, also used this compromised software. The OPM report stated that there was “no indication” that any unauthorized user accessed any of the survey links, but the email addresses and internal tracking codes were compromised.

Progress Software Corp., the parent company of MOVEit, has since taken steps to mitigate the impact of the cyberattack. They have expressed empathy for the affected users and committed to playing a collaborative role in industry-wide efforts to combat cybercrime.

The hacking group responsible for the attack is known as Clop, or Cl0p. Clop is a ransomware variant that exploits vulnerable systems and encrypts saved files with the “.Clop” extension.

In June, the US Department of Justice (DOJ) announced a $10 million bounty for information linking the Clop ransomware gang to any foreign government.

This comes after a global cyberattack exploiting a flaw in widely-used software had struck several US federal government agencies, as reported by The Gateway Pundit.

The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed the attacks in a statement to CNN.

“CISA is providing support to several federal agencies that have experienced intrusions,” said Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity. “We are working urgently to understand impacts and ensure timely remediation.”

A senior U.S. Government official told CBS that, while there has been no evidence of compromise in the U.S. military and intelligence agencies, multiple federal departments have fallen victim to a significant cyberattack.

Multiple federal agencies, including the Department of Energy, have been targeted in the US. Additionally, Johns Hopkins affiliated hospitals in Maryland and Florida, the Georgia statewide university system, and the Minnesota Department of Education have also been affected. International entities have not been spared either; BBC and British Airways were other notable victims of the attack.

According to BBC, companies in Germany, Belgium, Switzerland, and Canada were affected by the attack, which is now being referred to as potentially the most extensive theft and extortion event in recent history by cybersecurity experts.

“They’ve started releasing some of the stolen data as part of their extortion attempts,” said Deputy National Security Advisor for Cyber Anne Neuberger. “We strongly urge any user of the targeted software to immediately implement patches and secure their systems.”

This unprecedented event is suspected to be the work of the cybercriminal group known as the Clop ransomware gang, believed to be operating out of Russia.

The hacker group has reportedly stolen substantial amounts of data and has issued threats to release all stolen data if their ransom demands are not met within a seven-day window. This data could potentially be published on the Dark Web, adding an extra layer of concern for those affected.

BBC reported that the hacker group had released names and company information and threatened to release more.
