It was several days ago that the first reports started to surface and as CISA/FBI issued warnings, the target list/victims continues to expand.
All attributions so far point to an Russian entity with history on this and those attributions do not come from the Federal government but rather outside cyber expert companies across the country.
So, anyone remember when President Biden gave a list of entities that were completely off limits to cyber attacks? Remember?
Well it was exactly a year ago this month…
There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure. This directive supersedes Homeland Security Presidential Directive 7.
Meanwhile, the victims of this cyber attack related to MoveIT and CLOT include:
Illinois, Minnesota and Missouri state governments are among a growing list of organizations attacked via a critical flaw in Progress Software’s MoveIT Transfer product.
Progress Software on May 31 detailed an SQL injection bug in its managed file transfer (MFT) software MoveIt Transfer. Progress urged customers to immediately apply mitigations for the vulnerability, tracked as CVE-2023-34362, while it worked on a patch, which was released later that day. But as security vendors reported soon after, the critical bug was already under active exploitation in the wild.
A wave of organizations have disclosed data breaches in the wake of CVE-2023-34362 coming to light. Some of the early major names affected by the MoveIT flaw included the government of Nova Scotia, Canada; HR software provider Zellis; the BBC; British Airways; and British retailer Boots.
Several other organizations have disclosed compromises since that initial wave, including U.K. broadcast regulator Ofcom and networking vendor Extreme Networks. Multinational accounting firm Ernst and Young was also reportedly breached via the critical flaw. Ernst and Young did not reply to TechTarget Editorial’s request for comment, but the BBC said it received confirmation of a data breach from the firm.
Additionally Johns Hopkins University Hospital got hit as well as British Airlines.
CNN adds information to the report:
A Russian-speaking hacking group known as CLOP last week claimed credit for some of the hacks, which have also affected employees of the BBC, British Airways, oil giant Shell, and state governments in Minnesota and Illinois, among others.
The Russian hackers were the first to exploit the vulnerability, but experts say other groups may now have access to software code needed to conduct attacks.
The ransomware group had given victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their extortion site on the dark web. As of Thursday morning, the dark website did not list any US federal agencies.
The episode shows the widespread impact that a single software flaw can have if exploited by skilled criminals.
The hackers – a well-known group whose favored malware emerged in 2019 – in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion.
Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.