Russian hackers allegedly breach US government agencies in cyberattack
Multiple U.S. federal government agencies were hit in a global cyberattack allegedly carried out by the Russian ransomware gang known as Clop. The attack exploited a vulnerability in a file-sharing program popular among corporations and governments called MOVEit, per Homeland Security officials.
The US Cybersecurity and Infrastructure Security Agency is working to support the federal agencies that "experienced intrusions affecting their MOVEit applications," Eric Goldstein, the agency's executive assistant director for cybersecurity, told CNN on Thursday. "We are working urgently to understand impacts and ensure timely remediation."
While all the affected agencies have not been identified, a Department of Energy representative confirmed with CNN that the agency was among the targets. In addition to the U.S. government agencies, "several hundred" U.S. companies and organizations could have been swept up in the hacking spree, a senior CISA official estimated. In the past, Clop, the Russian ransomware gang allegedly behind the cyberattacks, has asked for multimillion-dollar ransoms. Still, the senior official added that the hackers made no demands in this case.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
The cyberattacks did not have any "significant impacts" on the federal agencies, CISA Director Jen Easterly said in a statement to the press, noting that the hackers were "largely opportunistic" in exploiting the software flaw to access networks.
Progress Software, the US creator of the MOVEit software, recently discovered another vulnerable point in the software. Over the past few weeks, the hackers have taken advantage of a previously identified flaw in the widely-used software to access the data they transferred. The firm behind the software told CNN they'd discovered a new vulnerability "that could be exploited by a bad actor."
"We have communicated with customers on the steps they need to take to further secure their environments, and we have also taken MOVEit Cloud offline as we urgently work to patch the issue," the company said in a statement.
Create an account with the same email registered to your subscription to unlock access.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Theara Coleman has worked as a staff writer at The Week since September 2022. She frequently writes about technology, education, literature and general news. She was previously a contributing writer and assistant editor at Honeysuckle Magazine, where she covered racial politics and cannabis industry news.
-
Is pop music now too reliant on gossip?
Talking Point Taylor Swift's new album has prompted a flurry of speculation over who she is referring to in her songs
By Richard Windsor, The Week UK Published
-
Nuclear near-misses
The Explainer From technical glitches to fateful split-second decisions, the world has come to the brink of nuclear war more times than you might think
By Rebecca Messina, The Week UK Published
-
What is cloud seeding and did it cause Dubai's severe rainfall?
The Explainer The future is flooded
By Devika Rao, The Week US Published
-
Amazon ending 'Just Walk Out' grocery checkout
Speed Read In its place, the company will let customers scan while they shop with Amazon Dash Cart
By Peter Weber, The Week US Published
-
Justice Department bites Apple with iPhone suit
Speed Read The lawsuit alleges that the tech company monopolized the smartphone industry
By Rafi Schwartz, The Week US Published
-
House votes to force TikTok to sell or face US ban
speed read The House passed a bill to ban TikTok on national security grounds unless it sells to a non-Chinese company
By Peter Weber, The Week US Published
-
Data breaches increased in 2023 and with them, internet security concerns
The Explainer One report found a 78% year-to-year increase in breaches from 2022 to 2023
By Justin Klawans, The Week US Published
-
Apple kills its secret electric car project
Speed Read Many of the people from Project Titan are being reassigned to work on generative AI
By Peter Weber, The Week US Published
-
Cyberflashing, fake news and the new crimes in the Online Safety Act
The Explainer UK's first conviction demonstrates scope of controversial law that critics describe as a threat to privacy and free speech
By Harriet Marsden, The Week UK Last updated
-
Cellphone use may be lowering sperm count
Speed Read Electromagnetic radiation could be affecting male fertility
By Devika Rao, The Week US Published
-
Nasa reveals first findings from asteroid that could explain origins of life
Speed Read Sample from Bennu has been found to contain an abundance of water and carbon
By Jamie Timson, The Week UK Published