Russian cybercriminals reportedly launched a global cyberattack that hit several U.S. federal government agencies and higher education institutions, including the University System of Georgia and the University of Georgia.
The attack exploited MOVEit Secure File Transfer and Automation software, which is used to securely share sensitive data files.
U.S. government agencies and several hundred U.S. companies and organizations could be impacted by the hacking, an official with the U.S. Cybersecurity and Infrastructure Security Agency told reporters on Thursday.
Clop is the ransomware syndicate believed to be responsible for the cyberattack. Last week, the group posted to its dark web site, urging its victims to reach out and negotiate a ransom or risk having sensitive data leaked online, although cybersecurity experts say the Clop criminals cannot be trusted to keep their word. The gang claimed it would delete any data stolen from governments, cities and police departments, Fox 5 Atlanta reported.
Victims include the U.S. Department of Energy, the University System of Georgia, the University of Georgia, Johns Hopkins University and its health system, Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways and the British Broadcasting Company.
The Department of Energy said in a statement to CNN that it took “immediate steps” to reduce the impact of the cyberattack after being made aware that records from two department entities had been compromised. The department said it notified Congress and is working with law enforcement, CISA and the affected entities to investigate the incident.
A spokesperson for the University System of Georgia told Fox 5 Atlanta that it and the University of Georgia had purchased the MOVEit software to store and transfer sensitive data, and that the institutions are investigating the possible hack.
“Progress Software recently identified a zero-day defect in its MOVEit software, a vulnerability that likely allowed cybercriminals unauthorized access to information stored in the MOVEit secure repositories operating at numerous customer sites, including USG and the University of Georgia,” the spokesperson said.
USG staff quickly limited internet access to the software and applied a patch to fix the code after learning of the attack. University officials said they are actively monitoring the situation and will be evaluating the “severity of this potential data exposure.”
In a statement to The Atlanta Journal-Constitution, USG said it is “actively monitoring further communications from Progress Software and will adhere to any future recommendations. USG’s cybersecurity experts are evaluating the scope and severity of this potential data exposure. If necessary, consistent with federal and state law, notifications will be issued to any individuals affected.”
Johns Hopkins University and Johns Hopkins Health System confirmed in a statement that their “initial investigation suggests that the data breach may have impacted sensitive personal and financial information, [including names, contact information, and health billing records.]”