Cyber Crime Chronicles: Unmasking the ‘CLOP Ransomware’ Attack on U.S. Federal Government and NATO Allies

Will Young

Welcome to another deep dive from The Internet Patrol, where we unearth the Internet’s most complex and impactful stories for your edification. In today’s exploration, we delve into a major cyber attack that has, unfortunately, compromised the security of the U.S. federal government and allies, including NATO members.

The guardians of our digital world, the Cybersecurity and Infrastructure Security Agency (CISA), have recently confirmed that several federal agencies are reeling from an intrusive cyberattack impacting their file transfer applications. In response, senior government officials have been engaged in a rapid effort to control and mitigate this catastrophe.

“We are frantically scrambling to understand the impacts and ensure expeditious remediation,” reads the official CISA statement. This is not something that one wants to see from an agency tasked with securing the digital perimeter of our nation, but their immediate and transparent response is admirable.

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, reveals that this global intrusion resulted from hackers exploiting a weakness in a commonly used software, utilized globally to move large data files. It’s like a bank heist, except the vault doors were left wide open. “As part of their sinister operations, the cyber-criminals have started to disclose some of the pilfered data in an attempt to blackmail these companies,” says Neuberger, urging all users of the compromised software to patch and reinforce their systems immediately.

A renowned cybersecurity expert refers to this incident as a grand theft and extortion event, one of the largest in recent memory. The list of victims includes renowned educational institutions, prestigious media outlets, and major airlines.

Our diligent digital detectives suggest the cyber gang behind this massive intrusion has been operating since at least 2014 and appears to be based in Russia, possibly with implicit approval from the Russian intelligence services. CISA Director Jen Easterly officially identifies the culprits as the notorious CLOP Ransomware.

Brett Callow, a cyber threat analyst with Emsisoft, provides us with more insight into the scale of this breach. He reports that there are 47 confirmed victims so far, including some unidentified U.S. government agencies. Worryingly, the malicious CLOP claims to have impacted hundreds of organizations.

A CISA official, on condition of anonymity, declined to specify the federal agencies impacted. The Energy Department did admit to being a victim, though. However, there’s no evidence at this point to suggest any military branches or intelligence community involvement. The official was also keen to reassure the public that this isn’t a SolarWinds-like incident that risks national security.

CLOP’s modus operandi involves holding sensitive data hostage and issuing ransom threats, ominously warning victims that their data will start to be disclosed after a week. Their main target appears to be a software program named MOVEit Transfer, widely used for data transfer.

Interestingly, many organizations managed to patch the vulnerability before the cyber miscreants could exploit it, according to CISA. This is certainly good news, but it underscores the need for continuous and proactive efforts in maintaining cybersecurity hygiene.

Director Easterly indicates that the government’s current focus is on potentially affected federal agencies, and they’re working tirelessly with these agencies to reduce the risks.

Other victims include banks and credit unions, according to researcher Brett Callow. An ominous forewarning from the FBI and CISA last week about a ransomware gang exploiting a vulnerability in the MOVEit Transfer software appears to have gone unheeded. While the FBI didn’t comment directly on the ongoing situation, they referred us to a security advisory about MOVEit, urging private sector entities to guard themselves against this ransomware and report any suspicious cyber activities.

Stay with us on The Internet Patrol for the latest updates on this alarming cyber crisis. The digital frontier is increasingly volatile, and it’s our mission to help you navigate it safely.
