The US confirms that federal agencies have been affected by the MOVEit breach, as hackers list more victims

    The US government has confirmed that multiple federal agencies have been victims of cyberattacks exploiting a vulnerability in a popular file transfer tool.

    In a statement shared with, CISA confirmed that “several” US government agencies have experienced intrusions related to the exploitation of a vulnerability in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software. The agency also attributed the attacks to the Russia-affiliated Clop ransomware gang, which this week began posting the names of organizations it claims to have hacked by exploiting the MOVEit flaw.

    CISA did not say how many agencies were affected by the attacks CNN reported for the first time, and did not name the authorities involved. However, the Department of Energy confirmed to that two of its entities were among the breakthroughs.

    “When DOE learned that the data of two DOE entities had been compromised during the global cyberattack on its file-sharing software, MOVEit Transfer, DOE immediately took steps to prevent further exposure to the vulnerability and released the Cybersecurity and Infrastructure Security Agency (CISA) informed,” said a DoE. said a spokesperson. “The department has notified Congress and is working with law enforcement, CISA and the entities involved to investigate the incident and mitigate the impact of the breach.”

    According to the Federal News NetworkOak Ridge Associated Universities and a Waste Isolation Pilot Plant in New Mexico were the two DOE entities affected by the vulnerability, exposing “the personally identifiable information of potentially tens of thousands of individuals, including energy workers and contractors.”

    According to the Federal Data Procurement System, about a dozen other US agencies have active MOVEit contracts. This includes the Department of the Army, the Department of the Air Force, and the Food and Drug Administration.

    In a press conference on Thursday about the MOVEit vulnerability, CISA Director Jen Easterly said the cybersecurity agency is “working urgently with affected agencies to understand the impact and ensure timely remediation.” While it is not yet known if any data was stolen, Easterly added that the intrusions are not being used to “steal specific high-value information” or gain access to targeted systems.

    “Basically, as we understand it, this attack is largely an opportunistic attack,” Easterly said. “In addition, we are not aware of Clop actors threatening to extort or release data stolen from US government agencies.”

    In a new update to his dark web leak site, Clop claimed that government data had been wiped and no government agencies have yet been listed as victims.

    However, Clop has added another set of victims it says have been compromised via the MOVEit vulnerability, including Boston Globe, California-based East Western Bank, New York-based biotechnology firm Enzo Biochem, and Microsoft’s conversational AI firm Nuance. . None of the newly listed companies have responded to’s questions.

    The Russian-affiliated ransomware group posted the first wave of affected organizations — a list that includes US-based financial services firms 1st Source and First National Bankers Bank and British energy giant Shell — just a day earlier.

    As new victims keep coming to light, Progress Software has rushed to release a patch new vulnerability affect MOVEit Transfer. This vulnerability, tracked as CVE-2023-35708, could lead to unauthorized access to customer environments, Progress warned in its advisory.

    Recent Articles

    Related Stories

    Stay on op - Ge the daily news in your inbox

    [tdn_block_newsletter_subscribe input_placeholder=”Email address” btn_text=”Subscribe” tds_newsletter2-image=”730″ tds_newsletter2-image_bg_color=”#c3ecff” tds_newsletter3-input_bar_display=”” tds_newsletter4-image=”731″ tds_newsletter4-image_bg_color=”#fffbcf” tds_newsletter4-btn_bg_color=”#f3b700″ tds_newsletter4-check_accent=”#f3b700″ tds_newsletter5-tdicon=”tdc-font-fa tdc-font-fa-envelope-o” tds_newsletter5-btn_bg_color=”#000000″ tds_newsletter5-btn_bg_color_hover=”#4db2ec” tds_newsletter5-check_accent=”#000000″ tds_newsletter6-input_bar_display=”row” tds_newsletter6-btn_bg_color=”#da1414″ tds_newsletter6-check_accent=”#da1414″ tds_newsletter7-image=”732″ tds_newsletter7-btn_bg_color=”#1c69ad” tds_newsletter7-check_accent=”#1c69ad” tds_newsletter7-f_title_font_size=”20″ tds_newsletter7-f_title_font_line_height=”28px” tds_newsletter8-input_bar_display=”row” tds_newsletter8-btn_bg_color=”#00649e” tds_newsletter8-btn_bg_color_hover=”#21709e” tds_newsletter8-check_accent=”#00649e” embedded_form_code=”YWN0aW9uJTNEJTIybGlzdC1tYW5hZ2UuY29tJTJGc3Vic2NyaWJlJTIy” tds_newsletter=”tds_newsletter1″ tds_newsletter3-all_border_width=”2″ tds_newsletter3-all_border_color=”#e6e6e6″ tdc_css=”eyJhbGwiOnsibWFyZ2luLWJvdHRvbSI6IjAiLCJib3JkZXItY29sb3IiOiIjZTZlNmU2IiwiZGlzcGxheSI6IiJ9fQ==” tds_newsletter1-btn_bg_color=”#0d42a2″ tds_newsletter1-f_btn_font_family=”406″ tds_newsletter1-f_btn_font_transform=”uppercase” tds_newsletter1-f_btn_font_weight=”800″ tds_newsletter1-f_btn_font_spacing=”1″ tds_newsletter1-f_input_font_line_height=”eyJhbGwiOiIzIiwicG9ydHJhaXQiOiIyLjYiLCJsYW5kc2NhcGUiOiIyLjgifQ==” tds_newsletter1-f_input_font_family=”406″ tds_newsletter1-f_input_font_size=”eyJhbGwiOiIxMyIsImxhbmRzY2FwZSI6IjEyIiwicG9ydHJhaXQiOiIxMSIsInBob25lIjoiMTMifQ==” tds_newsletter1-input_bg_color=”#fcfcfc” tds_newsletter1-input_border_size=”0″ tds_newsletter1-f_btn_font_size=”eyJsYW5kc2NhcGUiOiIxMiIsInBvcnRyYWl0IjoiMTEiLCJhbGwiOiIxMyJ9″ content_align_horizontal=”content-horiz-center”]