US Government Hit in Global Hacking Campaign

The United States flag at the dome of the U.S. Capitol building in Washington on May 12, 2023. (Madalina Vasiliu/The Epoch Times)
Savannah Hulsey Pointer
6/15/2023
Updated: 6/17/2023

On June 15, the nation’s cyber watchdog agency reported that the U.S. government was among the targets of a global hacking campaign that exploited a vulnerability in widely used file transfer software. The agency said, however, that it does not expect the attack to have a significant impact.

Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said in a statement that several federal agencies had been compromised through a vulnerability in the file transfer software MOVEit Transfer.

CISA did not identify the affected agencies or specify how they were affected. It did not respond promptly to requests for additional comment.

Progress Software Corp’s (PRGS.O) MOVEit is typically used by businesses to transfer files with partners and customers. Progress shares fell 4%.

The online extortion group CL0P, which has claimed responsibility for the MOVEit breach, has said in the past that it would not use any data stolen from government agencies.

The group wrote that government agencies, cities, and police services need not worry because it had already erased their data.

CISA’s Preventative Measures

On June 7, the FBI and CISA released a joint Cybersecurity Advisory (CSA) on CL0P as part of their #StopRansomware campaign.

The advisory aims to help organizations defend against the CL0P ransomware variant by detailing its tactics, techniques, and indicators of compromise.

The agencies recommend several actions to mitigate the threat posed by CL0P ransomware. Organizations are advised to maintain an inventory of assets, identifying authorized and unauthorized devices and software.

They also advise that administrative privileges and access be granted only when necessary, and that a software allow list be established so that only approved applications can run.

Monitoring network ports, protocols, and services, and applying secure configurations to network infrastructure devices such as firewalls and routers, are described as crucial steps. Regular patching, updates, and vulnerability assessments are also emphasized.

The advisory also describes recent activity by the CL0P ransomware gang, also tracked as TA505.

The gang exploited a previously unknown SQL injection vulnerability in Progress Software’s MOVEit Transfer product (CVE-2023-34362) to infect internet-facing MOVEit Transfer web applications with a web shell named LEMURLOOT, which it then used to steal data from the underlying MOVEit Transfer databases.
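The advisory’s inventory and allow-list recommendations above apply directly to a web shell like the one described here: a dropped page such as LEMURLOOT only works if it sits in the webroot and receives requests, so the two things a responder can check are drift in the webroot against a known-good inventory and web-server traffic to endpoints no clean install serves. The following Python is an added example written for this page, not code from the CISA/FBI advisory, Progress Software, or the article; the webroot contents, file names, and IIS log lines are constructed stand-ins, and the flat webroot layout is an assumption.

```python
"""Hunt for unexpected server-side pages in a MOVEit Transfer webroot.

Added example (not from the advisory or the vendor). It compares a
known-good baseline inventory (path -> SHA-256) against a current
snapshot, then cross-checks IIS W3C logs for requests to .aspx/.ashx/.asmx
endpoints that are absent from that baseline. All data below is constructed.
"""
import hashlib
import re
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def snapshot(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each relative path in an in-memory directory listing to its SHA-256."""
    return {path: sha256_hex(content) for path, content in files.items()}


# Constructed stand-in for a clean webroot; a real install has far more files (assumption).
CLEAN_WEBROOT: Dict[str, bytes] = {
    "human.aspx": b"<%@ Page Language='C#' %> <!-- login page stand-in -->",
    "moveitisapi/moveitisapi.dll": b"MZ...legitimate-binary-stand-in...",
    "web.config": b"<configuration></configuration>",
}
BASELINE: Dict[str, str] = snapshot(CLEAN_WEBROOT)

# Constructed post-compromise listing: one existing page altered, one new .aspx dropped.
CURRENT_WEBROOT: Dict[str, bytes] = dict(CLEAN_WEBROOT)
CURRENT_WEBROOT["human.aspx"] += b"<% /* injected block (constructed) */ %>"
CURRENT_WEBROOT["helper.aspx"] = b"<%@ Page Language='C#' %><% /* web shell stand-in */ %>"


def diff_webroot(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every path as new, modified, or missing relative to the baseline."""
    new = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {"new": new, "modified": modified, "missing": missing}


# Constructed IIS W3C log lines in the default field order. Not real traffic.
IIS_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-06-01 03:14:07 10.0.0.5 GET /human.aspx - 443 - 198.51.100.20 Mozilla/5.0 - 200 0 0 30
2023-06-01 03:14:09 10.0.0.5 POST /helper.aspx - 443 - 203.0.113.7 python-requests/2.31 - 200 0 0 45
2023-06-01 03:14:11 10.0.0.5 POST /helper.aspx - 443 - 203.0.113.7 python-requests/2.31 - 200 0 0 61
2023-06-01 03:15:00 10.0.0.5 GET /moveitisapi/moveitisapi.dll action=m2 443 - 198.51.100.20 Mozilla/5.0 - 200 0 0 12
"""

SERVER_PAGE_RE = re.compile(r"\.(aspx|ashx|asmx)$", re.IGNORECASE)


def unknown_endpoint_requests(log_text: str, baseline: Dict[str, str]) -> List[dict]:
    """Return requests whose URI stem is a server-side page not present in the baseline."""
    known = {"/" + p.lower() for p in baseline}
    hits: List[dict] = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C directive lines
        fields = line.split()
        if len(fields) < 12:
            continue  # malformed or truncated line
        method, uri, client, status = fields[3], fields[4], fields[8], fields[11]
        if SERVER_PAGE_RE.search(uri) and uri.lower() not in known:
            hits.append({"uri": uri, "method": method, "client": client, "status": status})
    return hits


def triage() -> Dict[str, object]:
    """Correlate filesystem drift with traffic to endpoints no clean install serves."""
    drift = diff_webroot(BASELINE, snapshot(CURRENT_WEBROOT))
    hits = unknown_endpoint_requests(IIS_LOG, BASELINE)
    served_new_files = sorted({h["uri"].lstrip("/") for h in hits} & set(drift["new"]))
    return {"drift": drift, "unknown_endpoint_hits": hits, "new_file_with_traffic": served_new_files}


if __name__ == "__main__":
    result = triage()
    print("webroot drift:", result["drift"])
    for hit in result["unknown_endpoint_hits"]:
        print("request to unknown page:", hit)
    print("new files that actually received requests:", result["new_file_with_traffic"])
```

A new file that is also receiving POST requests from a single external address is the strongest signal here; a modified legitimate page with no traffic anomaly still deserves a content diff, since shells can be injected into existing pages rather than dropped as new ones. In a real deployment the baseline would come from a clean install or vendor package, not from the possibly compromised host.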

TA505 has previously run similar data-theft campaigns against Accellion File Transfer Appliance (FTA) devices and Fortra/Linoma GoAnywhere MFT servers.

The FBI and CISA urged organizations to implement the recommended mitigations to reduce the likelihood and impact of CL0P ransomware attacks, and to stay current with the advisories and resources published at stopransomware.gov.

International Attacks

In Australia, the government agency responsible for regulating privacy breaches was caught up in a cyberattack after one of its law firms was hacked.

The Russia-linked ransomware group BlackCat, also known as ALPHV, obtained information belonging to the Office of the Australian Information Commissioner (OAIC) after breaching the systems of law firm HWL Ebsworth, according to a June 15 report.

HWL Ebsworth, one of Australia’s largest commercial law firms, provides legal services to the OAIC.

The report follows ALPHV’s theft in April of about four terabytes of the firm’s data, including employee information.

On June 8, the group was reported to have published more than 1.45 terabytes of that data on the dark web. Because HWL Ebsworth serves a wide range of government and corporate clients, it remains unclear whose information has been exposed.

“Cyber criminals who accessed our systems have now claimed to have published around one-third of the total data they say has been exfiltrated from our firm,” a company spokesman told AAP. “We are investigating this claim and are seeking to identify what data may have been published.”

Days earlier, a senior U.S. cybersecurity official warned that Chinese state hackers would “almost certainly” conduct aggressive cyberattacks to disrupt critical U.S. infrastructure, such as pipelines and railways, if a conflict breaks out between the two countries.

Speaking at an event hosted by the Aspen Institute in Washington, Jen Easterly, director of CISA, said Beijing is investing heavily in cyber capabilities intended to sabotage U.S. infrastructure.

“In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure, to include pipelines and rail lines, to delay military deployment, and to induce societal panic,” she told the audience.

“This, I think, is the real threat that we need to be prepared for and to focus on and to build resilience against.”

Easterly noted that Beijing’s focus had long been espionage, “decades of intellectual property theft” and “the greatest transfer of intellectual wealth,” but said its efforts had progressively shifted toward disruption and destruction.

“Given the formidable nature of the threat from Chinese state actors, given the size of their capability, given how much resources and effort they’re putting into it, it’s going to be very, very difficult for us to prevent disruptions from happening.”

CISA did not immediately respond to The Epoch Times’s request for comment.

Reuters and Eva Fu contributed to this report.