On Thursday, U.S. officials reported that several government agencies were targeted in a cyberattack. The attackers exploited a software vulnerability that had previously been used to target prominent businesses in the United Kingdom. The extent and seriousness of the hack are yet to be determined. Still, a senior Cybersecurity and Infrastructure Security Agency official confirmed that “several federal agencies” had been breached.
Eric Goldstein, the official, stressed the importance of quickly understanding and addressing the impacts of the breaches within the federal government, which were first reported by CNN. Goldstein did not disclose the suspected culprits or provide specifics regarding the number of agencies affected. Cyberattacks and security breaches frequently target the U.S. government, but the damage caused is typically contained.
Nonetheless, some attacks on U.S. agencies have been highly destructive. For instance, the SolarWinds hack by Russian spies remained undetected for several months until it was discovered in late 2020, leading to significant concerns about counterintelligence failure. Another breach, attributed to the Chinese government and detected in 2015, resulted in the theft of over 22 million sensitive personnel records and nearly six million fingerprints belonging to U.S. employees and their associates.
Several recent data breaches have affected various businesses, including British Airways and the British Broadcasting Corporation. The most recent disclosure is linked to the same software vulnerability. While the initial targets seemed concentrated in the U.K., the impact has now become global. Several U.S. states and universities have also reported compromises and are actively investigating the extent of the breaches. Experts suggest that these attacks may have been opportunistic rather than targeted, aiming to exploit vulnerable systems.
It remains unclear if the hackers responsible for the earlier intrusions, which a Russian criminal ransomware group claimed credit for, are also behind the attack on federal government agencies. Once one hacker discovers a software bug, it can be weaponized by others, especially if the flaw exists in widely used software. The Russian group, known as Cl0p, has threatened to publish victims’ data unless a ransom is paid.
The specific software targeted in this attack is called MOVEit, developed by Massachusetts-based Progress Software. MOVEit is a popular product used for managing file transfers within computer networks and provides various services. Progress Software has released public security guidance and patches to address the vulnerability and continues to investigate the issue. The company is collaborating with cybersecurity experts, law enforcement agencies, and customers to respond effectively and ensure everyone is updated with the necessary security patches.
This attack on MOVEit highlights the risks that third-party technology providers pose to companies and government agencies, which can be exposed even if they do not use the vulnerable software themselves but have connections with those who do. In the cases of the BBC and British Airways, the hackers initially exploited their payroll service provider before infiltrating their systems. Cybercriminals frequently target file-transfer services like MOVEit due to the potential for compromising the software and gaining unauthorized access to sensitive information from numerous victims.