Security News > 2023 > June > US government hit by Russia's Clop in MOVEit mass attack
The US Department of Energy and other federal bodies are among a growing list of organizations hit by Russians exploiting the MOVEit file-transfer vulnerability.
Many orgs, including the US government, have been hit via this flaw, with Clop blamed for this mass exploitation.
The US Department of Energy on Thursday confirmed Clop had accessed its data as part of this widespread attack.
Clop has boasted that its miscreants exploited the MOVEit flaw and has demanded corporate victims pay a ransom or else it will name them and leak whatever private info was exfiltrated.
While CISA and the FBI have also blamed Clop for the intrusions, a senior CISA official said there's no evidence to suggest any coordination between Clop and the Kremlin in the MOVEit attacks.
UK telco watchdog Ofcom, Minnesota Dept of Ed named as latest MOVEit victims Hold it - more vulnerabilities found in MOVEit file transfer software Clop ransomware crew sets June extortion deadline for MOVEit victims British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/15/clop_broke_into_the_doe/
Related news
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- Clop ransomware claims responsibility for Cleo data theft attacks (source)
- Clop ransomware threatens 66 Cleo attack victims with data leak (source)