Several U.S. agencies have been hacked as part of a massive cyberattack on dozens of companies and organizations.
The hackers exploited a vulnerability in a program called MOVEIt, a popular tool for quickly transferring files.
Charles Carmakal, chief technology officer of Mandiant, a cybersecurity company owned by Google whose clients include government agencies, said that he was aware of some data theft from federal agencies through the MOVEIt hacks.
It wasn’t immediately clear if the stolen files were sensitive or if the hackers had disrupted government systems.
The Cybersecurity and Infrastructure Security Agency, the country’s top civilian cybersecurity watchdog, said Thursday, June 15 that it is still investigating the scope of the attacks, according to Eric Goldstein, its executive assistant director.
“CISA is providing support to several federal agencies that have experienced intrusions,” he said. “We are working urgently to understand impacts and ensure timely remediation.”
In an interview with NBC News on Thursday, CISA Director Jen Easterly said the agency was tracking the hackers “as a well-known ransomware group.”
The group is called CL0P.
Last week, CISA and the FBI issued a warning that CL0P was exploiting a previously unknown vulnerability in MOVEIt. In a rapid hacking spree, the group used that flaw to steal files from at least 47 organizations and demand payment to not publish them online, said Brett Callow, an analyst at the cybersecurity company Emsisoft.