Several U.S. government departments are the latest reported victims of the hack of the MOVEit file transfer tool.
CNN quotes the U.S. Cybersecurity and Infrastructure Security Agency as saying it is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications.
“We are working urgently to understand impacts and ensure timely remediation,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, told CNN.
If this was one of the Clop affiliates, commented Erich Kron, security awareness advocate at KnowBe4, it is a very brazen move as it is likely to draw some serious attention from the federal government. “Many cyber gangs, even those backed by nation-state players, try to avoid the focused attention of the U.S. government and its allies. Some significant cybercrime groups have fallen after they have become a focused target of the government, and this sort of attack is likely to put them straight in the crosshairs of the response teams.”
The news comes as the Clop ransomware gang, which found and exploited a vulnerability in MOVEit, released a list of alleged victims. That list included three U.S. financial institutions and energy provider Shell. Until now, victims of the MOVEit compromise, including the BBC, British Airways, and Nova Scotia’s healthcare system, had individually acknowledged being hit.
CNN says the ransomware group had given victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their website on the dark web.
Separately, the U.S. Justice Department said a Russian national had been arrested for his alleged involvement in deploying numerous LockBit ransomware and other cyberattacks against victim computer systems in the United States, Asia, Europe, and Africa.
“This LockBit-related arrest, the second in six months, underscores the Justice Department’s unwavering commitment to hold ransomware actors accountable,” said Deputy Attorney General Lisa Monaco. “In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide.”
According to a criminal complaint obtained in the District of New Jersey, from at least as early as August 2020 to March 2023, the accused man allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware. That includes allegedly executing at least five attacks against victim computer systems in the United States and abroad.
The man is the third person charged by the U.S. with allegedly being involved LockBit global ransomware campaign, and the second to be actually apprehended.