U.S. government agencies have been put on high alert this week following news of an extensive cyberattack originating from Russia. This attack, allegedly carried out by a group known as “CL0P” or “TA505,” has already affected a number of important government-run institutes, universities, hospitals and even local governments across the country.
The Cybersecurity and Infrastructure Security Agency (CISA) announced on Thursday that CL0P had managed to infiltrate multiple agencies. CISA director Jen Easterly noted that the attack did not appear to be part of a larger, state-sponsored campaign like the massive one seen in 2019 by Russian agents against US networks and companies.
Rather, the attack was found to be focused on exploiting a vulnerability in a data transferring and encryption software called “MOVEit” which is frequently used by the government to securely handle sensitive data. Hackers have reportedly used this vulnerability to steal data and demand ransom money.
Major institutions affected so far include Johns Hopkins University in Baltimore and the US state university system in Georgia. The directors of these institutions have reported the theft of personal and banking information from several patients and students. In addition, the Illinois and Minnesota state governments are also said to have suffered attacks.
The attacks have caused great concern. CISA director Jen Easterly noted that while the current attack was “small-scale,” it was still important to take the necessary precautions and safeguard US government and private data from similar future attacks.
Though it is currently unclear whether these cyberattacks are state-sponsored, news of the attacks has further raised tensions between the US and Russia. With this in mind, US government and other official systems need to remain vigilant in order to ensure the safety of our networks.