The United States Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that it was providing support to several federal agencies that came under a cyberattack reportedly conducted by Russian cybercriminals. According to the top U.S. cybersecurity agency, the threat actors exploited a vulnerability in widely used file transfer software.

The Department of Energy was among multiple federal agencies breached in the ongoing global hacking campaign, which has also impacted “several hundred” companies and organizations within the United States, CISA officials told reporters on Thursday.

CNN reported that Clop (aka Cl0p) – a ransomware gang known to demand multimillion-dollar ransoms – was allegedly responsible for the attacks. However, no ransom demands had been made of federal agencies, CISA added.

Hacking MOVEit

The group appears to have used the MOVEit vulnerability, which Progress Software first disclosed last month when it warned that hackers had found a way to break into its MOVEit Transfer tool.

MOVEit is software developed to allow sensitive files to be transferred securely, and it has become popular around the world, with most of its customers in the U.S.

“This series of cyber-attacks is clearly a case of software supply chain risk,” explained Kumar Ritesh, founder and CEO of cybersecurity provider CYFIRMA.

“The MOVEit file transfer software is widely used by federal agencies as well as critical infrastructure organizations,” Ritesh told ClearanceJobs. “The vulnerabilities of this software have been exploited by the Russia-linked extortion group Cl0p.”

The group has a known link to the Russian intelligence agency. Its name is derived from the Russian word “klop,” which translates to “bedbug.” The group first surfaced in 2019 using its namesake ransomware, which is part of the Cryptomix ransomware family. Clop is also noted for employing malware that is explicitly designed not to execute on Russian language systems, while it has continued to target entities around the world.

“The group’s motive has mostly been financial gain but with these new attacks on the U.S. government, we cannot rule out that their objective would be to cause massive disruption to the U.S. and further their geopolitical agenda. The risk of kinetic attacks that could put people’s lives in danger has heightened,” added Ritesh. “To mitigate the software supply chain attacks, the government and businesses have to continuously monitor for software integrity, conduct stringent validation of the software before deployment, and ensure checks are made on APIs that could be exposed by the various software that are being used.”

More to Come?

Attacks of such magnitude have been rare, but cybersecurity experts warn that this could become the new norm.

“We can expect such attacks to continue on a regular basis and continue rising. Market macroeconomics, budget pressures, ongoing staff reductions (RIFs), and the constant influx of technological innovations, including the influence of generative AI, all contribute to this increasing trend. Furthermore, with a shortage of cybersecurity professionals in the mix, it becomes even harder to stay ahead and proactively tackle these threats,” suggested George Alifragis, board director at the Cyber Security Global Alliance.

This recent urgent prioritization of cybersecurity should be considered crucial at all levels of government, with a focus on managing cyber risk effectively.

“By supplementing resources and capabilities through strategic partnerships, particularly at the state and local level, government entities can enhance their cybersecurity posture,” Alifragis told ClearanceJobs. “Furthermore, ensuring close coordination between the public and private sectors is imperative for a unified response to significant cyber incidents impacting national security and the broader economy.”

Serious Threat Actor

There remains a real danger that such attacks could damage our nation’s critical infrastructure, and efforts must be taken to help mitigate that threat.

“Imagine the national or even local power grid collapse. No gas, no ability to keep food in storage, no means to get and use money,” explained Dr. Chris Golden, vice president and chief information security officer (CISO) at the Cyber Security Global Alliance.

To counter the threat, Golden told ClearanceJobs that all agencies and businesses should consider next-generation solutions.

“Quantum mirroring and the BIoT LegacyArmor products could have prevented this kind of attack,” Golden continued. “Both products seek to move both left and right from the dreaded adversary to either prevent the attack from occurring in the first place or easily recover after the attack by providing almost immediate resilience for networks.”


Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at petersuciu@gmail.com. You can follow him on Twitter: @PeterSuciu.