US Investigators have not determined who is responsible for the cyberattack
Several U.S. government agencies have been hit by a cyberattack that exploits software commonly used in both governments and companies across the globe, officials announced Thursday.
The U.S. Cybersecurity and Infrastructure Security Agency is working to determine the origin of the attack and what may have been stolen. Officials say the attack exploited a weakness with the “MOVEit” application.
“It’s a software that federal agencies and companies across the world use. We put out an advisory about this last week, and we’re responding to it,” CISA Director Jen Easterly told MSNBC.
“You know, these vulnerabilities are pretty common in software, and our job is to work with businesses to ensure they have the resources and tools to mitigate that risk.”
“Right now, we’re focused specifically on those federal agencies that may be impacted, and we’re working hand in hand with them to be able to mitigate that risk. We understand that there are businesses, though, around the world. It’s another ransomware actor known as Clop Ransomware, and they’re basically taking data and looking to extort it,” Easterly added.
Easterly did not specify which U.S. government agencies have been impacted by the attack.
The incident comes months after President Biden’s administration rolled out a new National Cybersecurity Strategy that aims to protect the nation’s critical infrastructure from “borderless” cyber threats.
The rollout of the strategy came days after the U.S. Marshals Service confirmed it had been targeted by a ransomware attack over a week ago, compromising sensitive information, including data on fugitives.
There were a flurry of cyberattacks in early 2023, including when Tallahassee Memorial HealthCare in northern Florida was forced to take its information technology systems offline after it was hit bay an apparent ransomware attack.
A cyberattack at the Pipefitters Local 537 in Boston was also discovered in February. The union retained a cybersecurity forensic investigator who learned the cyberattack on the union’s health fund resulted in the loss of $6.4 million. It did not appear that personal information of the union’s members was stolen or compromised, officials said.
USTOWER
Guiding America by Light