US Government Hit in Global Hacking Campaign

The nation’s cyber watchdog agency reported that the U.S. government was the target of a global hacking campaign that exploited a vulnerability in widely used software on June 15. However, the agency does not anticipate the attack to have a significant impact.

Eric Goldstein, the executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said in a statement that several federal agencies had been compromised after the discovery of a vulnerability in the file transfer software MOVEit.

CISA did not identify the affected agencies or specify how they were affected. It did not respond promptly to requests for additional comment.

Progress Software Corp’s (PRGS.O) MOVEit is typically utilized by businesses to transmit files between partners and customers. Progress stock declined by 4%.

The online extortion group Cl0p, which has claimed responsibility for the MOVEit breach, has stated in the past that it would not use any data stolen from government agencies.

The group wrote that government agencies, cities, and police services shouldn’t worry because they had already erased the data.

CISA’s Preventative Measures

On June 7, the FBI and CISA issued a joint announcement about their Cybersecurity Advisory (CSA) as part of their #StopRansomware campaign.

The advisory aims to help organizations protect against the CL0P ransomware variant by providing essential information on its tactics and indicators.

The authorities recommend several actions to mitigate the cyber threats posed by CL0P ransomware. Organizations were advised to conduct an inventory of assets, identifying authorized and unauthorized devices and software.

The agencies also advised that admin privileges and access should only be granted when necessary, while a software allow list should be established to allow only legitimate applications.

Monitoring network ports, protocols, and services and implementing security configurations on network infrastructure devices like firewalls and routers were also touted as crucial steps. Regular patching, updates, and vulnerability assessments were also emphasized.

The advisory includes information on recent activities of the CL0P Ransomware Gang, also known as TA505.

They exploited a previously unknown vulnerability in Progress Software’s MOVEit Transfer solution, infecting internet-facing web applications. The gang used a web shell named LEMURLOOT to steal data from underlying databases.

TA505 has previously targeted Accellion File Transfer Appliance devices and Fortra/Linoma GoAnywhere MFT servers.

FBI and CISA urged organizations to follow the mitigation recommendations to reduce the likelihood and impact of CL0P ransomware attacks. Vigilance and staying updated on the latest advisories and resources available on stopransomware.gov are crucial in enhancing cybersecurity.

International Attacks

Following the hacking of one of the agency’s law firms, a government agency in Australia in charge of keeping track of privacy violations was the target of a cyberattack.

After infiltrating the HWL Ebsworth database, the Russian hacker organization BlackCat, also known as AlphV, obtained information from the Office of the Australian Information Commissioner (OAIC), according to a June 15 report.

One of the biggest business law companies in Australia, HWL Ebsworth, offer