US gov agencies slammed by MOVEit hack


Multiple US government agencies have been breached by the Cl0p ransom gang’s global hacking campaign exploiting a zero-day bug in the MOVEit file transfer platform.

But in a twist of fate, unlike the hundreds of other victims claimed by Cl0p in the MOVEit attacks, it seems the Russian-linked group is giving the US government a pass and has deleted any information it acquired from US federal agencies.

This comes as the gang appears to have added the names of more organizations that have allegedly fallen victim to Cl0p and the MOVEit Transfer system’s zero-day flaw.

The gang posted a message on its dark leak site only hours after the US Cybersecurity and Infrastructure Security Agency (CISA) announced the hack Thursday.

“WE GOT A LOT OF EMAILS ABOUT GOVERNMENT DATA WE DON'T HAVE IT,” the group posted.

“WE HAVE COMPLETELY DELETED THIS INFORMATION WE ARE ONLY INTERESTED IN BUSINESS, EVERYTHING RELATED TO THE GOVERNMENT HAS BEEN DELETED,” Cl0p said.

Image: Cl0p message to US government (source: Cl0p leak site)

CISA executive assistant director Eric Goldstein said several federal agencies found they had been compromised after discovering the vulnerability present in the MOVEit software used by multiple government agencies.

On Friday, the US Energy Department was identified as one of those affected federal agencies.

CISA “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Goldstein said.

"We are working urgently to understand impacts and ensure timely remediation," he said.

Cl0p was able to take advantage of a zero-day flaw in MOVEit Transfer, a managed file transfer software system used by hundreds of companies around the world to send and receive files from their clients using secure channels.

The US cyber watchdog agency did not provide specific details or name the agencies affected by the hack.

CISA director Jen Easterly said the US did not expect any "significant impact" from the attacks, according to an MSNBC report.

Easterly said CISA was working to fully understand the impact of the attack on agency operations, as well as coordinate with other departments to mitigate any damage.

The US Federal Bureau of Investigation and the National Security Agency also had no comment at the time of this report.

More victim names released

Meanwhile, there are now a total of 25 victims named on the Cl0p home page. Earlier today, there were only a dozen listed, including the Cybernews-confirmed victim Shell Global.

Other notable US victims listed on the leak page include the University of Georgia, 1st Source Bank, First National Bankers Bank, Power Financial Credit Union, and the healthcare benefits company HealthEquity.

Image: Cl0p MOVEit victim names (source: Cl0p leak site)

The Russian-linked Cl0p ransomware group, which claimed to have carried out the massive MOVEit attack by posting an announcement on its dark leak site, threatened to release the names of its victims, along with troves of stolen data, if victims did not pay an undisclosed ransom demand by June 14th.

So far, it appears Cl0p has not publicly released any of that stolen data, even though the deadline has passed.

A recent 2023 Cyber Confidence Index survey by cybersecurity firm ExtraHop showed the average cost for an organization hit by a data breach and ransomware attack was more than $4 million – not counting the payment.

The survey also found there was a 400% increase in ransomware attacks since 2021.

Cybernews will follow the story.