The Department of Energy and multiple other federal agencies are the victims of a ransomware attack that has already hit businesses in the UK and elsewhere around the globe. The US Cybersecurity and Infrastructure Security Agency, or CISA, is lending support to those agencies "that have experienced intrusions," said Eric Goldstein, CISA's executive assistant director of cybersecurity, in a Thursday statement, reports USA Today. "We are working urgently to understand impacts and ensure timely remediation." A senior CISA official noted that "several hundred" other companies and groups in the US may have also been affected by the hack; various universities and US states have already said they've been compromised in recent weeks, per the Wall Street Journal.
The attack involves Progress Software's MOVEit software, which agencies and firms use to transfer data. The company says a new vulnerability was recently found that "a bad actor" could take advantage of, per CNN, which first reported the breach. Although USA Today notes it's not definitive that the attack was carried out by Russian hackers, US officials say that a "Russian-speaking criminal group was likely responsible," per the Journal, which also notes that the group, known as Clop, has warned it will publish victims' data if a ransom isn't paid this week. Companies in the UK such as British Airways, the BBC, and the Boots drugstore chain were caught up in a similar hack earlier this month that appeared to exploit the same computer bug.
CBS News reports that NATO member countries also were affected by the breach. The attack doesn't appear to have gained widespread access to the inner workings of the US government or "specific high-value information," CISA chief Jen Easterly told reporters Thursday, adding, "This attack is largely an opportunistic one." An official tells the Journal that a "small number" of agencies had been affected, and that they didn't appear to involve intelligence or military networks. That's somewhat of a sigh of relief for those wondering if this breach could prove as devastating as the massive, Russian-driven SolarWinds attack that was discovered in late 2020. That hack was deemed a "dire counterintelligence failure," the Journal notes.