US Government Agencies Hit in Global Hacking Campaign, Doesn't Expect Significant Impact

MOVEit, made by Progress Software, is typically used by organizations to transfer files between their partners or customers.

By Reuters | Updated: 16 June 2023 00:26 IST

US Government Agencies Hit in Global Hacking Campaign, Doesn't Expect Significant Impact

The online extortion group Cl0p has claimed credit for the MOVEit hack

Highlights

Federal bodies faces intrusions due to vulnerability in software MOVEit
CISA did not identify the agencies that were hit
Cl0p earlier said it would not exploit any data from government agencies

The US government has been hit in a global hacking campaign that exploited a vulnerability in widely used software but does not expect it to have significant impact, the nation's cyber watchdog agency said on Thursday.

The US Cybersecurity and Infrastructure Security Agency (CISA) said several federal bodies had experienced intrusions following the discovery of a weakness in the file transfer software MOVEit, Eric Goldstein, the agency's executive assistant director for cybersecurity, said in a statement.

"We are working urgently to understand impacts and ensure timely remediation," he said. CNN first reported on the statement.

CISA did not identify the agencies that were hit or say exactly how they had been affected. It did not immediately respond to requests seeking further comment. The FBI and National Security Agency also did not immediately respond to emails seeking details on the breaches.

The United States does not expect any "significant impact" from the breach, CISA Director Jen Easterly told MSNBC.

MOVEit, made by Progress Software, is typically used by organizations to transfer files between their partners or customers. Progress shares fell 4 percent.

It could be used by a financial institution that requires their customers to upload their data to apply for a loan, John Hammond, a senior researcher at the security firm Huntress, said earlier this month.

"There's a whole lot of potential for what an adversary might be able to get into," he said.

The online extortion group Cl0p, which has claimed credit for the MOVEit hack, has previously said it would not exploit any data taken from government agencies.

"IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA," the group said in a statement on its website.

Neither Cl0p nor Progress immediately responded to requests for comment.

Apple unveiled its first mixed reality headset, the Apple Vision Pro, at its annual developer conference, along with new Mac models and upcoming software updates. We discuss all the most important announcements made by the company at WWDC 2023 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.