happyliza
The Living Force
US energy department, other agencies hit in global hacking spree
The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, officials said on Thursday.
www.reuters.com
US energy department, other agencies hit in global hacking spree
By Zeba Siddiqui and Raphael SatterJune 16, 20234:46 AM GMT+3Updated 4 days ago
June 15 (Reuters) - The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, officials said on Thursday.
Data was "compromised" at two entities within the energy department when hackers gained access through a security flaw in MOVEit Transfer, the department said in a statement.
A DOE official said those entities were the DOE contractor Oak Ridge Associated Universities, and the Waste Isolation Pilot Plant - the New Mexico-based facility for disposal of defense-related nuclear waste.
Advertisement · Scroll to continue
British energy giant Shell (SHEL.L), the University System of Georgia, the Johns Hopkins University and the Johns Hopkins Health System were also hit, all three groups said in separate statements. The latter is a nonprofit that collaborates with the university and runs six hospitals and primary care centers.
The new victims add to a growing list of entities in the U.S., Britain and other countries whose systems were infiltrated through the MOVEit Transfer software. The hackers took advantage of a security flaw that its maker, Progress Software (PRGS.O), discovered late last month.
The Russia-linked extortion group Cl0p, which has claimed credit for the MOVEit hack, earlier said in a statement that it would not exploit any data taken from government agencies, and that it had erased all such data. It did not immediately respond to a request for further comment.
Advertisement · Scroll to continue
The U.S. Cybsecurity and Infrastructure Security Agency (CISA) said it was helping several federal agencies that had been breached, but did not name them.
"At this time, we are not tracking any significant impacts to the federal civilian executive branch (.gov) enterprise but are continuing to work with our partners on this issue," the agency said in a statement.
The energy department, which manages U.S. nuclear infrastructure and energy policy, said it had notified Congress of the breach and is participating in investigations with law enforcement and CISA.
A Shell spokesperson said there was no evidence of impact to Shell’s core IT systems from the MOVEit Transfer-related breach. "There are around 50 users of the tool, and we are urgently investigating what data may have been impacted," she added.
Advertisement · Scroll to continue
Johns Hopkins also said it was "investigating a recent cybersecurity attack targeting a widely used software tool that affected our networks."
The University System of Georgia, which groups about 26 public colleges, said it was "evaluating the scope and severity of this potential data exposure" from the MOVEit hack.
Large organizations including the UK's telecom regulator, British Airways, the BBC and drugstore chain Boots emerged as victims last week.
CISA did not immediately respond to requests seeking further comment. The FBI and National Security Agency also did not immediately respond to emails seeking details on the breaches.
A MOVEit spokesperson said the company had "engaged with federal law enforcement" and was working with customers to help them apply fixes to their systems.
Progress Software's shares ended down 6.1% on Thursday. The company disclosed another "critical vulnerability" it found in MOVEit Transfer on Thursday, although it was not clear whether it had been exploited by hackers.
MOVEit Transfer is a popular tool used by organizations to share sensitive information with partners or customers. It could be used by a bank's customers, for instance, to upload their financial data for loan applications, said John Hammond, a security researcher at Huntress.
"There's a whole lot of potential for what an adversary might be able to get into," he said earlier this month.
Many other companies and countries were affected, but of course they would play it down. Capita was also attacked for instance, and they deal with everyone's DSS benefits and more. So much info was stolen from the companies and deleted.
