Several federal agencies, including the Department of Energy and several others, have been hacked by a Russian cyber-extortion gang. However, Homeland Security officials warned Thursday that the impact would not be very significant. The hack of a popular file-transfer program popular with corporations and governments involved the Russian cyber-extortion gang.
While the hack was beginning to appear to have some serious consequences for some of the hundreds of possible victims - including patrons of at least two state motor vehicle agencies as well as several individuals in the industry - the incident began to cause some concern.
As the director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, explained to reporters, this hacking campaign, compared to the meticulous, stealthy SolarWinds hack blamed on state-backed Russian intelligence agents, was relatively short and superficial. It was quickly caught in the act.
Easterly explained that these intrusions are not being used as a means of gaining broad access, gaining persistent access, or stealing specific high-value data. As far as they can tell, the attack is mainly opportunistic and has no other purpose.
CISA officials told a senior reporter that neither the U.S. military nor the U.S. intelligence community had been affected by the hack. Two Energy Department entities were affected. A spokesperson for the agency, Chad Smith, did not provide further details about the incident.
There are so far several organizations affected by this scam such as the Louisiana Department of Motor Vehicles, the Oregon Department of Transportation, the Nova Scotia Provincial Government, British Airways, the British Broadcasting Company, and the United Kingdom drugstore chain Boots.
The exploited program, MOVEit, is widely used by businesses to securely share files. Security experts say that includes sensitive financial and insurance data.
Louisiana officials said Thursday that people with a driver’s license or vehicle registration in the state likely had their personal information exposed including their name, address, Social Security number, and birthdate. They encouraged Louisiana residents to freeze their credit to guard against identity theft.
The Oregon Department of Transportation confirmed Thursday that the attackers accessed some personal information and some other sensitive data. This was for about 3.5 million people to whom state-issued identity cards or driver’s licenses.
The Clop ransomware syndicate behind the hack announced last week on its dark website that its victims, who it suggested numbered in the hundreds, had until Wednesday to contact them to negotiate a ransom or risk having sensitive stolen data dumped online.
The gang, among the world’s most prolific cybercrime syndicates, also claimed it would delete data stolen from governments, cities, and police departments.
The senior CISA official told reporters a “small number” of federal agencies were hit — declining to name them — and said, “This is not a widespread campaign affecting a large number of federal agencies.” The official, speaking on condition of anonymity to discuss the breach, said no federal agencies had received extortion demands and no data from an affected federal agency had been leaked online by Clop.
U.S. officials “have no evidence of coordination between Clop and the Russian government,” the official added.
The breach of the Energy Department and other federal agencies by a Russian ransomware gang underscores the persistent and evolving threats posed by cybercriminals to national security and critical infrastructure. This incident serves as a stark reminder that the fight against cybercrime is an ongoing battle that requires constant vigilance and investment in robust cybersecurity measures. By prioritizing proactive defense strategies, collaboration, and international cooperation, we can work towards a safer and more secure digital environment for all.
According to the official, there are no indications that Clop and the Russian government are coordinating, according to U.S. officials.
An attack by a Russian ransomware gang that has breached the US Department of Energy and other federal agencies makes it evident that cybercriminals will continue to pose a persistent and evolving threat to national security and critical infrastructure in the coming years. Whether it is a cyberattack or an incident of identity theft, a cybercrime at any point in time is a persistent problem that requires constant vigilance and committed investment in effective cybersecurity measures. The key to creating a safer and more secure digital environment for us all is to implement proactive defense strategies, collaborate and cooperate internationally in a concerted effort.
