U.S. Energy Department and Other Agencies Compromised in MOVEit Cyber Attack
Several U.S. government agencies, including the U.S. Energy Department, have announced that they are among the organisations that have fallen victim to the MOVEit cyber attack. Officials reported on Thursday, June 15th, that data was compromised at two entities within the Energy Department when hackers exploited the MOVEit security flaw.
The entities affected were the DOE contractor Oak Ridge Associated Universities, and the Waste Isolation Pilot Plant, a New Mexico-based facility for the disposal of defence-related nuclear waste. In addition to these, a number of other organisations were also hit, including energy giant Shell, the University System of Georgia, Johns Hopkins University, and Johns Hopkins Health System, a non-profit that collaborates with the university and operates six hospitals and primary care centres.
The recent victims join a growing list of entities across the U.K., U.S., and other countries whose systems have been infiltrated via the MOVEit Transfer software. The hackers capitalised on a security flaw that the software maker, Progress Software, identified late last month. The Russia-linked extortion group Clop, which has claimed responsibility for the MOVEit hack, stated that it would not exploit any data taken from government agencies and asserted that all such data had been erased, a claim that cyber security specialists have called into question.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that it was assisting several federal agencies that had been breached, without naming them specifically. The agency stated, “At this time, we are not tracking any significant impacts to the federal civilian executive branch (.gov) enterprise but are continuing to work with our partners on this issue”.
The Energy Department, responsible for managing U.S. nuclear infrastructure and energy policy, announced that it had informed Congress of the breach and was actively participating in investigations with law enforcement and CISA. Shell stated that there was no evidence of impact to the company’s core IT systems from the MOVEit Transfer-related breach, with approximately 50 users of the tool under urgent investigation for potential data impact.
Johns Hopkins University and the University System of Georgia, which comprises about 26 public colleges, are also investigating the extent of the data exposure from the MOVEit hack. Last week, large organisations including the UK’s telecom regulator Ofcom, British Airways, the BBC and Boots were identified as victims of this widespread hacking campaign.
Progress Software, the company behind MOVEit Transfer, is currently liaising with federal law enforcement and assisting customers in applying fixes to their systems. The company’s shares ended down 6.1% on Thursday. It continues to investigate another “critical vulnerability” discovered in MOVEit Transfer, though it remains unclear whether this vulnerability has yet been exploited by hackers.
MOVEit Transfer is a tool frequently used by organisations to share sensitive information with partners or customers, including payroll and HR information, as seen through Zellis, which further highlights the potential magnitude of this cyber attack. As the investigation continues, the full extent of the breach on companies around the world remains to be seen.