A global hacking campaign has breached several US government agencies by exploiting a vulnerability in a widely used piece of software, according to the US cyber-watchdog agency.
The US Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday that it was working urgently to understand the impacts and ensure timely remediation of the intrusions.
The hackers took advantage of a weakness in the file transfer software MOVEit, made by Progress Software Corp, which is typically used by organizations to transfer files between their partners or customers.
Eric Goldstein, CISA’s executive assistant director for cybersecurity, said in a statement that several federal agencies had experienced intrusions following the discovery of the software flaw.
“We are working urgently to understand impacts and ensure timely remediation,” he said.
CISA did not immediately return emails from Reuters seeking further comment. The FBI and US National Security Agency also did not immediately return emails seeking details on the breaches.
Jen Easterly, the director of CISA, told MSNBC that the US did not expect any “significant impact” from the cyber-attack and that the agency was coordinating with other agencies to ensure remediation.
“Right now, we’re focused quickly on those federal agencies that may be impacted and we’re working hand in hand with them to be able to mitigate that risk,” she said.
The online extortion group Cl0p, which has claimed credit for the MOVEit hack, has previously said it would not exploit any data taken from government agencies.
“IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA,” the group said in a statement on its website.
Neither Cl0p nor Progress immediately responded to requests for comment from Reuters.
Earlier this month, US and British cybersecurity officials warned that a Russian cyber-extortion gang had hacked MOVEit and that the hack would have a global impact, as the file-transfer program was popular with businesses.
Zellis, a leading payroll services provider in the UK that serves British Airways, the BBC, and hundreds of others, was among the affected users. UK chemist chain Boots was also affected.
Last month, Microsoft accused Chinese state-sponsored hackers of carrying out attacks against critical infrastructure in the US using similar methods.