U.S. federal agencies are among the latest casualties of an extensive global cyberattack that exploits a flaw in widely used file-transfer software.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been providing support to an undisclosed number of federal agencies experiencing intrusions through their MOVEit applications, the file-transfer software at the centre of this attack, CNN reported.
CISA is actively seeking to comprehend the extent of the damage and expedite remediation, according to Eric Goldstein, the agency's executive assistant director for cybersecurity.
It remains unclear whether the Russian-speaking ransomware group that has previously claimed responsibility for multiple victims of the ongoing hacking spree also orchestrated the intrusions at federal agencies. CISA has not revealed the identity of the attackers or the exact number of federal agencies affected.
This incident adds to an alarming surge of cyberattacks over the past fortnight that has affected state governments, as well as leading U.S. universities. These increasing instances of cybercrimes heighten pressure on federal officials who have committed to curtailing the wave of ransomware attacks crippling schools, hospitals, and local governments nationwide.
In a separate campaign, according to Google-owned cybersecurity firm Mandiant, state-sponsored Chinese hackers exploited a vulnerability in a widely used email security appliance, Barracuda Networks' Email Security Gateway.
Charles Carmakal, Mandiant's Chief Technology Officer, described this cyber espionage operation as the "broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021." That earlier Microsoft Exchange hack left tens of thousands of servers across the globe compromised.
Returning to the MOVEit attack: Johns Hopkins University and its health system recently announced that sensitive personal and financial information, including health billing records, may have been compromised. In addition, Georgia's statewide university system, which includes the University of Georgia and over a dozen other state colleges, is assessing the impact and severity of the intrusion.
In a blog post released on Thursday, Mandiant stated with high confidence that the group exploiting the vulnerability in Barracuda Networks' Email Security Gateway was engaged in "espionage activities backing the People's Republic of China." The firm traced the start of this covert operation back to October, underlining the persistence and far-reaching implications of such a breach.
The Russian-speaking ransomware group Cl0p claimed responsibility for several of the MOVEit hacks, which affected employees of organizations including the BBC, British Airways, Shell, and the state governments of Minnesota and Illinois, among others. Cybersecurity experts warn that other groups might now have working exploit code for the same flaw and could launch similar attacks.
Cl0p had set a deadline for victims to negotiate a ransom payment and, after it passed, began listing more victims on its dark web extortion site. So far, no U.S. federal agencies have been named on the site. This large-scale attack underscores the havoc a single software vulnerability can cause when exploited at scale by capable cybercriminals.
The group, known since 2019 for the ransomware of the same name, began exploiting a new vulnerability in the widely deployed file-transfer software MOVeit Transfer in late May. Its indiscriminate, opportunistic approach exposed numerous organizations to extortion. Progress, the U.S. company that owns MOVEit, has since advised customers to apply the patch and has issued security guidance; because the attackers had already exfiltrated data from many systems before patches were available, patching alone does not undo the exposure, and affected organizations must also investigate for signs of prior compromise.