June 16th – Government officials are working quickly to reduce the impact of a global cyberattack affecting U.S. government agencies and their NATO allies.
The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that it is helping affected agencies.
How did the attack occur? Anne Neuberger, a deputy national security advisor for the National Security Council, explained that the hackers, of Russian origin, exploited a weakness in a popular file transfer application.
“They’ve (the hackers) started releasing some of the data that was stolen as part of their work to extort these companies,” Neuberger said. In addition, Neuberger suggests that anyone who has used these applications to patch and lock down their systems.
Another cyber security expert described the event as one of the largest theft and extortion breaches that’s happened in recent times.
Jen Easterly, CISA Director, identified the hackers as CLOP Ransomware.
“They’re basically taking data and looking to extort it,” Easterly said.
“This is not a campaign like Solar Winds that presents a systemic risk to our national security or our nation’s networks,” another CISA official said.
Many organizations had already patched the vulnerability before the hackers could infiltrate their systems.
CLOP Ransomware targets a software program called MoveIt Transfer, used for data transfer, that utilizes a double extortion strategy. The ransomware gang steals information, encrypts it, and demands a ransom to prevent the information from being leaked on their site.
The FBI declined to make any comments.