U.S. cyberattack impacts federal agencies, NATO allies

Senior government officials are racing to limit the impact of what’s believed to be a global cyberattack affecting U.S. federal agencies and allies, including NATO member countries. 

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed in a statement Thursday that it was providing support to “several federal agencies that have experienced intrusions affecting their [file transfer] applications.”

“We are working urgently to understand impacts and ensure timely remediation,” the statement continued.

One cybersecurity expert characterized the breach as one of the largest theft and extortion events in recent history. Victims include Johns Hopkins University, the University of Georgia, the BBC and British Airways.

Cybersecurity experts say the hacking gang has been active since at least 2014 and is believed to operate from Russia with the tacit approval of Moscow’s intelligence services. CISA Director Jen Easterly identified the hackers as CLOP Ransomware.

“They’re basically taking data and looking to extort it,” Easterly said. 

Brett Callow, a cyber threat analyst with Emsisoft, told CBS News that there were 47 confirmed victims so far, “plus a number of as yet unidentified U.S. government agencies.” He added that CLOP claimed “hundreds of organizations have been impacted.” 

Late Thursday afternoon, a senior CISA official declined to identify which government agencies had been affected, but noted that the Energy Department had issued a statement indicating it had reported an incident to CISA. The official also said that at this time, there is no indication that any of the military branches or the intelligence community were impacted. 

“This is not a campaign like SolarWinds that presents a systemic risk to our national security or our nation’s networks,” the official said. 

Further, no federal agencies have so far received extortion demands and no federal data has been leaked, the official said.

Many organizations had already patched the vulnerability before the cyber actors were able to intrude, according to CISA.

CLOP works by seizing sensitive data and holding it for ransom, threatening “after 7 days your data will start to be published.” It’s exploiting a vulnerability in a software program called MOVEit Transfer, which is widely used to transfer data. 

A CISA analyst note described CLOP as a ransomware variant that uses a double extortion ransomware strategy. The cybercriminal gang steals the information before encrypting it and then demands a ransom to head off the leaking of that information on CLOP’s ransomware site.

At this point, Easterly says the government is “focused specifically on the federal agencies that may be impacted” and is “working hand-in-hand with them to mitigate the risk.”

“We understand there are businesses, though, around the world,” she added. 

Researcher Brett Callow says victims also include banks and credit unions.

The FBI and CISA warned last week that in late May, a ransomware gang began exploiting a vulnerability in the file-sharing software MOVEit Transfer.

The FBI declined to comment, but referred CBS News to the security advisory about MOVEit, which also encouraged private sector partners to implement recommended measures to protect themselves from the ransomware and to report any suspicious cyber activity to local FBI offices and CISA.

Nicole Sganga and Robert Legare contributed to this report.
