MOVEit Still has Issues

The number of organizations impacted by ongoing hacks of the software MOVEit is continuing to mount as entities from airlines to universities to the Department of Energy confirm their information was among a series of recent data breaches largely blamed on a Russian-speaking criminal group.

Transportation agencies in Oregon and Louisiana have warned millions of residents their identities are at risk after a cyberattack Thursday stole names, addresses and social security numbers.[1]  Louisiana officials have recommended residents freeze their credit after the personal information of anyone with a state-issued driver’s license, ID or car registration was exposed in a data breach, and the Oregon Department of Transportation said attackers accessed personal information of about 3.5 million in that state.

The University of Georgia and the University System of Georgia are also investigating whether their data was hacked on 15 June but would not specify what information was put at risk, a spokesperson told the Atlanta Journal-Constitution.  Two Department of Energy entities were among the “small number” of impacted federal agencies, a senior official with the US Cybersecurity and Infrastructure Security Agency (CISA) told reporters while declining to name them specifically, adding “this is not a widespread campaign affecting a large number of federal agencies.”  About a dozen U.S. agencies have active contracts with MOVEit, Politico reported.

Several other recent attacks that exploited MOVEit have been claimed by the Russian-speaking ransomware group CL0P, including hacks of:

CRUCIAL QUOTE - “This is not a campaign like SolarWinds that presents a systemic risk to our national security or our nation’s networks,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters.

KEY BACKGROUND - Hackers on Thursday continued to target weaknesses in the file transfer software MOVEit to hit several government agencies in the latest string of attacks that have also hit the Shell oil company, the BBC, British Airways, Johns Hopkins University and other institutions.  Officials with the Cybersecurity and Infrastructure Security Agency said the government hasn’t received any extortion demands or observed any data leaks, and users of MOVEit can now install a patch to eliminate the software vulnerability used by hackers.  A senior agency official declined to identify which government agencies had been affected other than the Energy Department, but did say there is no indication that the military or intelligence communities were impacted.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

[1] https://www.forbes.com/sites/maryroeloffs/2023/06/16/moveit-cyber-attack-personal-data-of-millions-stolen-from-oregon-louisiana-us-agency/
