Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Al Jazeera
Al Jazeera
Business

US government agencies hit in global hacking spree

The global hacking campaign exploited a vulnerability in a widely used software [File: Illustration/Dado Ruvic/Reuters]

Several US government agencies have been hit in a global hacking campaign that exploited a vulnerability in a widely used software, the United States cyber-watchdog agency said Thursday.

The US Cybersecurity and Infrastructure Security Agency (CISA) said several federal agencies had experienced intrusions following the discovery of a weakness in the file transfer software MOVEit, Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement.

“We are working urgently to understand impacts and ensure timely remediation,” he said.

CISA did not immediately return emails from the Reuters news agency seeking further comment. The FBI and US National Security Agency also did not immediately return emails seeking details on the breaches.

The United States does not expect any “significant impact” from a cyberattack that hit its government agencies, Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, told MSNBC.

The agency was working to fully figure out the attack’s impact and coordinating with other agencies to ensure remediation, Easterly said.

“Right now, we’re focused quickly on those federal agencies that may be impacted and we’re working hand in hand with them to be able to mitigate that risk,” she said.

MOVEit, made by Progress Software Corp, is typically used by organisations to transfer files between their partners or customers.

It could be used by a financial institution that requires their customers to upload their data to apply for a loan, John Hammond, a senior researcher at the security firm Huntress, said earlier this month.

“There’s a whole lot of potential for what an adversary might be able to get into,” he said.

The online extortion group Cl0p, which has claimed credit for the MOVEit hack, has previously said it would not exploit any data taken from government agencies.

“IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA,” the group said in a statement on its website.

Neither Cl0p nor Progress immediately responded to requests for comment from Reuters.

Earlier this month, US and British cybersecurity officials warned that a Russian cyber-extortion gang had hacked MOVEit and that would have a global impact as the file-transfer program was popular with businesses. Zellis, a leading payroll services provider in the UK that serves British Airways, the BBC and hundreds of others, was among the affected users. UK chemist chain Boots was also affected.

Last month, Microsoft accused Chinese state-sponsored hackers of carrying out attacks against critical infrastructure in the United States.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.