A massive cyberattack is currently affecting several federal agencies in the United States as well as NATO allies, with cybersecurity officials working hard to limit the damage and prevent further intrusions. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that it is providing support to several federal agencies that have experienced intrusions affecting their file transfer applications. The hackers are believed to have exploited a vulnerability in a widely used software that companies worldwide use to move large files, compromising the security of many institutions and government agencies.
The hackers behind the attack have already started releasing data stolen from these organizations in an attempt to extort them. According to cybersecurity experts, the breach is one of the largest theft and extortion events in recent history, with victims including Johns Hopkins University, the University of Georgia, the BBC, and British Airways. The hackers have been active since at least 2014 and are believed to operate from Russia with the tacit approval of Moscow’s intelligence services.
The hackers, known as CLOP Ransomware, use a double extortion ransomware strategy to steal sensitive data and demand a ransom to head off the leaking of that information on CLOP’s ransomware site. The attackers have seized sensitive data from several organizations and government agencies, threatening to release it if they are not paid within seven days.
While many organizations had already patched the vulnerability before the cyber actors were able to intrude, the attack has still impacted several federal agencies in the United States and NATO allies. The FBI and CISA warned last week that a ransomware gang had begun exploiting a vulnerability in a file-sharing software called MoveIt Transfer, which is widely used to transfer data. The FBI has encouraged private sector partners to implement recommended measures to protect themselves from the ransomware and to report any suspicious cyber activity to local FBI offices and CISA.
Despite the severity of the attack, there is no indication that any of the military branches or the intelligence community were impacted. Furthermore, no federal agencies have so far received extortion demands, and no federal data has been leaked. However, the attack is not yet over, and cybersecurity officials are working hard to prevent further intrusions and limit the damage caused by the attack.
In conclusion, this cyberattack is a serious matter that impacts several federal agencies and institutions worldwide. It is crucial that organizations take cybersecurity seriously and implement recommended measures to protect themselves from such attacks. With the help of cybersecurity experts, we can prevent such attacks from happening in the future and ensure that our data and sensitive information remain secure.
References
- https://amp-static.cbsnews.com/amp/embed/video/?feature%5Bconsent%5D=0&setDevice=mobile&v=23da2bed74e9783333cf303fba619e891686884957&uspri
- https://www.cbsnews.com/baltimore/news/johns-hopkins-university-and-health-system-target-of-cybersecurity-attack/
- https://www.cbsnews.com/news/solarwinds-60-minutes-2021-07-04/
- https://www.cbsnews.com/news/solarwinds-hack-cisa-cybersecurity-grave-threat/
- https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-07-04/
- https://www.cisa.gov/stopransomware/clop-analyst-note
- https://abcnews.go.com/Politics/foreign-actors-information-manipulation-tactics-2022-election-feds/story?id=91160649
