Several federal agencies, including the Department of Energy, fell victim to a global cyber-extortion attack orchestrated by a Russian ransomware gang, targeting a popular file-transfer program widely used by corporations and governments, according to a report by AP.
While Homeland Security officials assured that the impact was expected to be minimal, other sectors such as industry, higher education, and two state motor vehicle agencies experienced significant repercussions.
Relatively Short and Superficial
Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency, addressed the media, highlighting the distinction between this attack and the sophisticated SolarWinds hacking campaign attributed to state-backed Russian intelligence agents.
Easterly explained that the recent campaign was relatively short-lived, superficial, and swiftly detected.
According to Easterly, discussions with industry partners revealed that the intrusions did not aim to gain broader access or steal specific high-value information.
The attack appeared largely opportunistic, lacking the SolarWinds campaign's strategic depth. Easterly emphasized that the nation's networks and national security were not under systemic risk.
While the US military and intelligence community remained unscathed, two entities within the Energy Department were compromised, as confirmed by Energy Department spokesperson Chad Smith, who refrained from providing further details to AP.
The list of known victims continued to grow, encompassing entities such as Louisiana's Office of Motor Vehicles, Oregon's Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the UK drugstore chain Boots.
Businesses use The file-sharing program MOVEit extensively to ensure the secure transmission of files, including confidential financial and insurance data.
Officials in Louisiana made a public announcement, revealing that individuals with a driver's license or vehicle registration in the state likely had their personal information compromised.
This includes sensitive details such as their name, address, Social Security number, and birthdate. As a preventive measure against potential identity theft, Louisiana residents were strongly advised to freeze their credit.
Similarly, the Oregon Department of Transportation confirmed that unauthorized access had been obtained to the personal information of around 3.5 million individuals holding state-issued identity cards or driver's licenses.
Read Also: Ransomware Gang Breaches Coca-Cola Database? Hackers Conduct Telegram Survey To Choose Next Victim
Cl0p Ransomware GangThe: The Cl0p ransomware syndicate is responsible for the attack on its dark website, urging victims to contact them by Wednesday to negotiate a ransom and avoid the potential public release of stolen sensitive data. The cybercrime syndicate, widely recognized for its illicit activities, asserted its intention to erase any stolen data obtained from government entities, municipalities, and law enforcement agencies. A senior Cybersecurity and Infrastructure Security Agency official revealed that a "small number" of federal agencies were affected, refraining from disclosing specific names. The official emphasized that the breach did not constitute a widespread campaign targeting several federal agencies.
Additionally, the official confirmed that federal agencies had received no extortion demands, and Cl0p had refrained from publicly disclosing any data obtained from the affected federal entities.
Related Article: Ransomware Gang, Ragnar Locker, Issues Threat to Victims that will Contact the FBI or Other Authorities
