A cyberattack has impacted several Federal agencies, who have experienced intrusions affecting their MOVEit applications, according to the Cybersecurity and Infrastructure Security (CISA).
CISA Director Jen Easterly confirmed that the agency is “currently providing support to several Federal agencies that have experienced intrusions affecting their MOVEit applications.”
CISA and the FBI published a joint cybersecurity advisory on June 7, warning that cyber threat actors could exploit a vulnerability to steal data from Progress Software’s managed file transfer solution, known as MOVEit. The agencies tied exploitation of the vulnerability to the CL0P Ransomware Gang.
Easterly told reporters on Thursday that CISA is “not tracking any significant impacts to the Federal civilian executive branch (.gov) enterprise,” and is continuing to work with Progress Software, the FBI, and Federal partners on this issue.
“While our teams are urgently focused on addressing risks posed by this vulnerability, it’s important to clarify the scope and nature of this campaign,” Easterly said. “Specifically, as far as we know, these actors are only stealing information that is being stored on the file transfer application at the precise time that the intrusion occurs.”
“Although we are very concerned about this campaign and working on it with urgency, this is not a campaign like SolarWinds that presents a systemic risk to our national security or our nation’s networks,” she added. “In sum, as we understand it, this attack is largely an opportunistic one.”
Although Easterly did not provide more specifics on the Federal agencies affected by the cyberattack, the Department of Energy (DoE) confirmed to MeriTalk that it had been compromised in the breach.
“The U.S. Department of Energy (DoE) takes cybersecurity and the responsibility to protect its data very seriously. Upon learning that records from two DoE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DoE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA),” a DoE spokesperson told MeriTalk.
“The department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach,” they added.
CISA is reminding all organizations to apply the mitigations laid out in the joint cybersecurity advisory. As with all cyber incidents, Easterly encouraged potentially impacted organizations to reach out to CISA via cisa.gov/report or their regional cybersecurity representative.