Russian hackers accessed hundreds of thousands of US gov’t email addresses, report says

Daily Caller News Foundation

Russian-speaking hackers obtained the email addresses of more than 600,000 employees at the Department of Justice (DOJ) and Department of Defense (DOD) in an expansive hack last spring, according to Bloomberg.

A hacking group, likely one known as Cl0p, accessed government email addresses, links to government employee surveys, and internal Office of Personnel Management (OPM) employee tracking codes for DOJ and DOD, according to a report OPM submitted to the House Science, Space and Technology Committee and obtained through a Freedom of Information Act request, Bloomberg reported. Other agencies had previously acknowledged falling victim to the massive attack exploiting a vulnerability in MOVEit, a file transfer tool, in the spring of 2023.

The hack affected various branches within DOD, including the Office of the Secretary of Defense, Air Force, Army, U.S. Army Corps of Engineers, Joint Staff, and other defense agencies and field activities, Bloomberg reported, citing the eight-page OPM report.

OPM characterized the breach as a “major incident” but said the information the threat actors obtained was “generally of low sensitivity” and did not pose a major threat, according to Bloomberg.

The report said there was “no indication” any unauthorized person accessed any of the links to surveys leaked in the breach, according to Bloomberg.

Hackers got to the information by exploiting a weakness in the code for the MOVEit file transfer service used by Westat Inc., with which OPM contracts for administering Federal Employee Viewpoint Surveys, Bloomberg reported.

The Department of Health and Human Services, Department of Agriculture, General Services Administration, and Department of Energy confirmed this summer that email addresses and other information fell into the hands of the threat actor. Cl0p demanded a ransom from the Energy Department after two of its sub-agencies were compromised as part of the massive hacking campaign.

Cl0p likely targeted more than 2,500 government and private organizations, Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said, according to Bloomberg.

CISA director Jen Easterly confirmed that a ransomware group calling itself Cl0p orchestrated the massive attack but said the breaches would not pose a “systemic risk” to national security or U.S. networks.

Cybersecurity researchers believe Cl0p became active in 2014 but began ransoming organizations in 2019 and operates with the unspoken backing of the Russian government, according to CBS and cyber threat analysts.

Progress Software Corp., MOVEit’s parent company, told Bloomberg it is working to mitigate the impacts of the breach.

The DOD and DOJ did not immediately respond to the Daily Caller News Foundation’s request for comment.
