The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said that several federal government agencies in the United States were hit by a global cyberattack affecting widely used software.
Eric Goldstein, the agency’s executive assistant director for cybersecurity, in a statement to CNN, said that the security agency is “providing support to several federal agencies that have experienced intrusions after the discovery of a weakness in the file transfer software MOVEit.”
“We are working urgently to understand impacts and ensure timely remediation,” he added.
It is not yet clear if the Russian-speaking cyber gang, which has claimed responsibility for several cyberattacks in the past, was the one behind intrusions faced by federal agencies.
As per CNN reports, a CISA spokesperson did not comment on being asked as to who was responsible for the breaching of federal agencies and how many were affected by the hacking crusade.
As per news agency Reuters, the FBI and National Security Agency also did not immediately respond to emails seeking details on the breaches.
CISA Director Jen Easterly told MSNBC on Thursday that she was absolutely confident that there will be no significant impacts from the hacks on federal agencies.
Created by Progress Software Corp, the MOVEit tool is used to transfer files by organisations between their partners or customers.
John Hammond, a senior researcher at the security firm Huntress, said that this tool could also be used by financial institutions that require their customers to upload their data to apply for a loan.
“There’s a whole lot of potential for what an adversary might be able to get into,” he said.
The online extortion group Cl0p, which claimed responsibility for the MOVEit hack, previously had said that it would not exploit any data taken from government agencies.
“If you are a government, city or police service do not worry, we erased all your data,” the group said in a statement on its website.
As per the Reuters report, Cl0p or Progress also did not immediately respond to requests for comment.
(With inputs from agencies)
