Director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly testifies before the House Subcommittee on Homeland Security in the Rayburn House Office Building on April 28, 2022, in Washington, DC.

Kevin Dietsch | Getty Images

Several US agencies have been hacked as part of a broader cyberattack that has hit dozens of companies and organizations in recent weeks through a previously unknown vulnerability in popular file-sharing software.

The Cybersecurity and Infrastructure Security Agency, the nation’s largest civilian cybersecurity oversight agency, said Thursday that it is still investigating the scope of the breaches, according to Eric Goldstein, its assistant executive director.

“CISA provides support to many federal agencies that have experienced break-ins,” he said. “We are working urgently to understand the implications and ensure timely treatment.”

Hackers exploited a vulnerability in a program called MOVEit, a popular tool for quickly transferring files.

Charles Carmakal, chief technology officer of Mandiant, a cybersecurity firm owned by Google whose clients include government agencies, said he was aware of some data theft from federal agencies through the MOVEit hacks.

It was not immediately clear if the stolen files were sensitive or if the hackers disrupted government systems. CNN was first to report on the CISA statement.

This incident marks the third known time in as many years that foreign hackers have managed to infiltrate several federal agencies and steal information. In 2020, hackers working for Russian intelligence broke into nine agencies by hacking software they used, developed by a Texas company called SolarWinds. The following year, Chinese intelligence hackers broke into additional agencies through a telework program called Pulse Secure.

In an interview with NBC News’ Andrea Mitchell on Thursday, CISA Director Jen Easterly said the agency was tracking hackers “like a well-known group of ransomware.”

This appears to be a reference to a well-established cybercriminal group called CL0P.

Last week, CISA and the FBI released a dossier warning that CL0P was exploiting a previously unknown vulnerability in MOVEit. In a rapid hacking spree, the group used the flaw to steal files from at least 47 organizations and demand payment not to post them online, said Brett Callow, an analyst at cybersecurity firm Emsisoft.

CL0P is essentially a Russian-speaking cybercrime gang, said Allan Liska, a ransomware expert at cybersecurity firm Recorded Future.

The Office of the Director of National Intelligence declined to comment. The National Security Council did not immediately respond to a request for comment.

CL0P’s campaign to hack victims through MOVEit was incredibly widespread, said Wendy Whitmore, who leads threat analysis at cybersecurity firm Palo Alto Networks.

“I think it’s at least hundreds, if not more” of the total victims, she said.

This is a developing story. Please check back for updates.

