The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday that several US government agencies were hit in a global hacking campaign that exploited a vulnerability in the file transfer software MOVEit, made by Progress Software Corp.
The software is used to transfer files between agencies and their partners or customers. The hacking campaign began in earnest approximately two weeks ago, targeting universities and state government agencies. The BBC, British Airways, and the Shell oil company also reported hacks within the last two weeks. The online extortion group CL0P (aka TA505), which has claimed credit for the MOVEit hack published on their website a public message saying: “IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA.” Managed service providers (MSPs) are a favorite target of the CL0P gang, responsible for 11% of attacks in 2022. Several governments and major companies around the world confirmed that information from their systems was accessed. “Considered to be one of the largest phishing and malspam distributors worldwide, TA505 is estimated to have compromised more than 3,000 U.S.-based organizations and 8,000 global organizations,” CISA said.The United States does not expect any “significant impact” from the breach.
