Security News > 2023 > June > US government hit by Russia's Clop in MOVEit mass attack
The US Department of Energy and other federal bodies are among a growing list of organizations hit by Russians exploiting the MOVEit file-transfer vulnerability.
Many orgs, including the US government, have been hit via this flaw, with Clop blamed for this mass exploitation.
The US Department of Energy on Thursday confirmed Clop had accessed its data as part of this widespread attack.
Clop has boasted that its miscreants exploited the MOVEit flaw and has demanded corporate victims pay a ransom or else it will name them and leak whatever private info was exfiltrated.
While CISA and the FBI have also blamed Clop for the intrusions, a senior CISA official said there's no evidence to suggest any coordination between Clop and the Kremlin in the MOVEit attacks.
UK telco watchdog Ofcom, Minnesota Dept of Ed named as latest MOVEit victims Hold it - more vulnerabilities found in MOVEit file transfer software Clop ransomware crew sets June extortion deadline for MOVEit victims British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/15/clop_broke_into_the_doe/
Related news
- U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems (source)
- One year on, universities org admits MOVEit attack hit data of 800k people (source)
- University System of Georgia: 800K exposed in 2023 MOVEit attack (source)
- Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst (source)