Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly testifies before the House Homeland Security Subcommittee at the Rayburn House Office Building on April 28, 2022 in Washington, DC.
Several US agencies have been hacked as part of a wider cyberattack that has hit dozens of companies and organizations in recent weeks through a previously unknown vulnerability in popular file-sharing software.
The Cybersecurity and Infrastructure Security Agency, the nation’s top civilian cybersecurity watchdog, said Thursday it was still investigating the extent of the hacks, according to Eric Goldstein, its executive deputy director.
“CISA provides support to several federal agencies that have experienced breaches,” he said. “We are working quickly to understand the impacts and ensure timely remediation.”
Hackers exploited a vulnerability in a program called MOVEit, a popular tool for fast file transfer.
Charles Carmakal, chief technology officer at Mandiant, a Google-owned cybersecurity company whose clients include government agencies, said he was aware of some data thefts from federal agencies through the MOVEit hacks.
It was not immediately clear if the stolen files were sensitive or if the hackers breached government systems. CNN was the first to report on CISA’s statement.
The incident is the third known case in as many years in which foreign hackers managed to break into multiple federal agencies and steal information. In 2020, hackers working for Russian intelligence broke into nine agencies by first hacking into the software they were using, which was developed by Texas-based SolarWinds. The following year, Chinese intelligence hackers broke into other agencies through a remote work program called Pulse Secure.
In an interview with NBC News’ Andrea Mitchell on Thursday, CISA Director Jen Easterly said the agency was tracking the hackers “as a known ransomware group.”
It appeared to be a reference to an established cybercriminal group called CL0P.
Last week, CISA and the FBI released a warning that CL0P was exploiting a previously unknown vulnerability in MOVEit. In a quick hacking frenzy, the group used the flaw to steal files from at least 47 organizations and demand payment for not posting them online, said Brett Callow, a cybersecurity analyst at Emsisoft.
CL0P is primarily a Russian-speaking cybercriminal gang, said Allan Liska, a ransomware expert at cybersecurity firm Recorded Future.
The Office of the Director of National Intelligence declined to comment. The State Security Council did not immediately respond to a request for comment.
Wendi Whitmore, who leads threat analysis for cybersecurity firm Palo Alto Networks, said CL0P’s campaign targeting hacking victims through MOVEit has been incredibly widespread.
“I think it’s at least hundreds, if not more,” of the total casualties, she said.