Russian hackers compromised the email addresses of about 632,000 employees from the United States Department of Defense (DoD) and Department of Justice (DOJ). Bloomberg first reported the news of the breach on Monday. The breach occurred on May 28 and 29, according to a new report obtained through the Freedom of Information Act. It has been classified as a “major incident,” yet the exposed material was not classified and has been described as “generally of low sensitivity.”

Government employee surveys as well as internal tracking codes administered by the Office of Personnel Management (OPM) were reportedly linked to the hijacked email accounts.

However, a significant number of DoD personnel were impacted by this breach. That included representatives from the Pentagon, the Joint Chiefs of Staff, the U.S. Army, the Air Force, the Army Corps of Engineers, and the Office of the Secretary of Defense, Defense Agencies and Field Activities.

The attack also targeted the U.S. Department of Health and Human Services, the Department of Agriculture, and the General Services Administration (GSA).

The Latest MOVEit Madness

As previously reported in June, the United States Cybersecurity and Infrastructure Security Agency (CISA) warned that it was providing support to several federal agencies that came under a cyberattack reported to be conducted by Russian cybercriminals.

It was not disclosed at the time that the DoD or DOJ had been impacted.

However, the top U.S. cybersecurity agency did warn at the time that threat actors had exploited a vulnerability in widely used file transfer software. The Department of Energy was among multiple federal agencies breached in the ongoing global hacking campaign, which also impacted “several hundred” companies and organizations within the United States.

According to CNN, Clop (aka C10p) – a ransomware gang – was allegedly responsible for the attacks, and it is known to demand multimillion-dollar ransoms. The group appears to have used the MOVEit hack, which was first disclosed last month by Progress Software after it warned that hackers had found a way to break into its MOVEit Transfer tool.

MOVEit is software that was developed to allow for sensitive files to be transferred securely, and it has become popular around the world with most of its customers in the U.S.

“The recent cyberattack on DOJ and Pentagon emails is just one of the many attacks stemming from the MOVEit vulnerability, with this breach leading to over 600,000 email addresses from the Justice and Defense departments being accessed by Russian hackers,” said Roger Neal, head of products at Apona Security.

Third-party Software Remains a Weak Link

This is hardly the first time hackers exploited the vulnerabilities of third-party software, which can be a weak link in an enterprise’s network. It serves as a warning of why keeping track of all third-party components is so important.

“It’s yet another example of how things can go south if we’re not on top of what third-party software we’re using and consistently staying up to date with vulnerability management,” Neal told ClearanceJobs via an email.

“It doesn’t matter if we scan for vulnerabilities if we don’t document the existence of the vulnerable component. An accurate inventory of third-party components serves as a foundational element in building a resilient security posture,” he explained. “This inventory acts as a roadmap, guiding the vulnerability management process, ensuring that no stone is left unturned, and every potential threat vector is accounted for. A disciplined approach to third-party component inventory and vulnerability management is not a luxury but a necessity in today’s threat-laden digital landscape.”

Vulnerability Management Needs to be Ongoing

This incident should also serve as another reminder that vulnerability management needs to be ongoing, especially for issues of a critical nature.

“Hackers are relentless and continuously evolve their tactics,” added Neal. “They probe systems for any weak link, and an outdated third-party component can be just the loophole they need to infiltrate secure networks. This is why a proactive approach to vulnerability management is crucial. By regularly scanning for vulnerabilities and applying patches promptly, we can significantly mitigate the risk of a security breach.”

Peter Suciu is a freelance writer who covers business technology and cyber security. He currently lives in Michigan and can be reached at petersuciu@gmail.com. You can follow him on Twitter: @PeterSuciu.