Several US Agencies Hit In Global Cyberattack Alongside Universities, Hospitals

On Thursday the US Cybersecurity and Infrastructure Security Agency announced that "several" US federal government agencies were hit in what's being acknowledged as a global cyberattack.

The attack utilized a vulnerability in widely used software, with the agencies have "experienced intrusions affecting their MOVEit applications," according to a US government statement. “We are working urgently to understand impacts and ensure timely remediation," Eric Goldstein, a top US cybersecurity official, said.

several us agencies hit in global cyberattack alongside universities hospitals

Initial suspicion has fallen on a Russian-speaking ransomware group, known as CLOP, which has claimed responsibility for a similar ongoing hacking campaign which targeted entities ranging from BBC to British Airways to Shell oil, to schools and hospitals, as well as some US state governments in the Midwest.

CNN reviews of a recent and ongoing hacking campaign as follows

But the news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments. The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals and local governments across the US.

As part of this, the famous Johns Hopkins University and Health System has also been deeply impacted.

Officials in a letter to the Hopkins community said that an early and ongoing investigation found that the attack "may have impacted the information of Johns Hopkins employees, students and/or patients."

The Johns Hopkins attack came to light on May 31 and also had exploited the vulnerability in the MOVEit software. It's not believed at this time that individual patient medical records were compromised.

A cybersecurity expert, Bill Sieglein, has been cited in local media to explain...

"This was called a 'zero-day attack,' meaning the attackers, who are out of Russia, a group known as CLOP, they discovered a vulnerability in this piece of software called MOVEit. MOVEit is a piece of software that allows you to move large data files between networks and between systems. They found a vulnerability before anybody knew about it and, all at once, launched an attack worldwide," Sieglein said.

CNN has noted that at this point the persistent attacks may be the work of multiple bad actors. "The Russian hackers were the first to exploit the vulnerability, but experts say other groups may now have access to software code needed to conduct attacks," the report notes.

"The ransomware group had given victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their extortion site on the dark web," CNN explains. "As of Thursday morning, the dark website did not list any US federal agencies."

Authored by Tyler Durden via ZeroHedge June 15th 2023