According to the US government, a larger cyberattack involved hacking into many institutions.
The leading civilian cybersecurity watchdog, led by Jen Easterly, said it was keeping an eye on the hackers "as a well-known ransomware group."
As part of a larger campaign that affected dozens of businesses and organizations in recent weeks due to a previously unrecognized weakness in popular file sharing software, many U.S. agencies have been compromised.
According to Eric Goldstein, its executive assistant director, the Cybersecurity and Infrastructure Security Agency, the nation's top civilian cybersecurity watchdog, stated Thursday that it is still looking into the scale of the intrusions.
Several federal entities that have been the target of breaches are receiving help from CISA, he added. "We are working quickly to comprehend the effects and guarantee prompt remediation."
The hackers took advantage of a flaw in MOVEIt, a well-liked software for quickly transferring data.
Government agencies are among the clients of Google-owned cybersecurity firm Mandiant, whose chief technical officer, Charles Carmakal, claimed he was aware of some data theft from such organizations through the MOVEIt breaches.
It wasn't immediately obvious if the stolen data included critical information or if the hackers had interfered with official computer systems. CISA's statement was originally reported by CNN.
It's the third instance in as many years that foreign hackers have been successful in infiltrating many federal institutions and stealing data. In 2020, hackers working for Russian intelligence first gained access to the software that nine agencies utilized by getting into SolarWinds, a Texas-based firm. The next year, Chinese intelligence hackers used Pulse Secure, a tool for remote work, to get into other agencies.
CISA Director Jen Easterly said the organization was monitoring the hackers "as a well-known ransomware group" in an interview with NBC News' Andrea Mitchell on Thursday.
That seems to be a reference to the well-known cyberterrorist organization CL0P.
The FBI and CISA warned last week that CL0P was abusing a MOVEIt bug that had not yet been made public. According to Brett Callow, an expert at the cybersecurity firm Emsisoft, the criminal group utilized the vulnerability in a quick hacking binge to grab files from at least 47 businesses and demand money so they wouldn't be published online.
Allan Liska, a ransomware specialist with the cybersecurity firm Recorded Future, claimed that CL0P is a criminal organization that mostly speaks Russian.
On a discussion with journalists on Thursday afternoon, a CISA representative stated that it looked that CL0P was able to steal data that businesses had deliberately saved with MOVEIt, but that the hackers weren't able to utilize that as a starting point to access other systems.
According to a message sent out by email on Thursday, the Energy Department was one of the victims.
The CISA representative will not provide an exact number of victims. According to the person, the CIA is helping a number of organizations whose information were compromised. The official stated that CISA is not aware of any affected military branches or intelligence community organizations.
The Directorate of National Intelligence declined to make any comments. An inquiry for comment was not immediately answered by the National Security Council.
For the cybersecurity firm Palo Alto Networks, Wendi Whitmore, who oversees threat research, said CL0P's strategy of hacking people using MOVEIt was extraordinarily pervasive.
She remarked, "I think it's at least hundreds, if not more," of the overall casualties
0 Comments