A Russian Hacker Group Targets US Government Agencies
In a recent announcement, the Cybersecurity and Infrastructure Security Agency (CISA) revealed that a Russian hacker group known as “CL0P” or “TA505” has successfully infiltrated various US government agencies. Although the cyberattack originated in Russia, there is currently no evidence to suggest any involvement from the Russian government, according to a senior US government official.
Minimal Impact on Government Activities
Jen Easterly, the director of CISA, stated during a telephone press conference that the cyberattack by CL0P will not have a significant impact on the government’s operations. Easterly emphasized that this attack is smaller in scale than the massive cyberattack in 2019, which was orchestrated by Russian agents and affected thousands of government agencies and companies. Unlike the SolarWinds attack, this recent breach targeted the widely used encryption software “MOVEit” via a vulnerability.
Exploiting Vulnerabilities in “MOVEit” Software
According to the information released, the hackers utilized a vulnerability in the “MOVEit” software to infect computers with malware and steal data. They then demanded ransom from their victims. Ipswitch, the company behind “MOVEit,” disclosed the discovered vulnerability on June 5 and initiated an investigation while working with clients to mitigate potential harm. CISA published a report on June 7, cautioning government agencies and pointing to “CL0P” as the responsible party.
Widespread Cyberattacks in the United States
This recent attack is just one among many in a wave of cyberattacks affecting universities, hospitals, and local governments throughout the United States. Johns Hopkins University and its associated health centers fell victim to a cyberattack resulting in the theft of personal information, including patient names and bank details. The state university system of Georgia, as well as the governments of Illinois and Minnesota, also experienced cyberattacks in late May.
As the investigation into the CL0P cyberattack continues, CISA and relevant authorities are working diligently to minimize the impact and enhance cybersecurity measures to prevent future breaches.