Cyberattack Hits Several Federal Agencies

Several federal agencies were breached by a cyberattack of a tool used for transferring files, the U.S. Cybersecurity Agency (CISA) confirmed – the same attacks companies in the U.K. faced earlier this month.

These cyberattacks began in the U.K. and infiltrated systems using a payroll service. The privacy breach first hit at the beginning of the month, targeting the software MOVEit used by U.K. payroll provider Zellis. 

The U.S. government has now confirmed multiple federal agencies have fallen victim to the same attack, also via a vulnerability in MOVEit Transfer, a file transfer tool. 

Eric Goldstein, CISA executive assistant director for cybersecurity, told CNN several federal agencies have seen breaches in their MOVEit software. CISA is reportedly working with the agencies to address the breaches.

“CISA urges users and organizations to review the MOVEit Transfer advisory, follow the mitigation steps, and apply the necessary updates when available,” CISA’s statement said. 

While the exact number and name of the agencies affected have not yet been disclosed, the Department of Energy (DOE) has confirmed two of its entities have been breached. According to the Federal News Network, Oak Ridge Associated Universities and a Waste Isolation Pilot Plant in New Mexico were the two DOE entities impacted.

Related:British Airways, BBC, Others Hit by Cyberattack

Russian-speaking cybercrime group Clop has been identified as the perpetrator and has threatened  to release personal information if businesses affected did not get in touch.

Since the ultimatum, Clop has posted what it said is the first of its lists of organizations that had been attacked. The list, posted to Clop’s site on the dark web, includes Boston-based investment management firm Putnam Investments, Netherlands-based Landal Greenparks and the energy major Shell.

The news comes as Progress Software, the company behind MOVEit, said it discovered a second vulnerability in the code, which it said could lead to “potential unauthorized access to the environment.”