WASHINGTON — Several federal agencies are battling against a cyberattack that exploits a vulnerability in a widely-used filesharing service.
It's unclear exactly what kind of attack has hit the government agencies, or how many have been affected. The US Cybersecurity and Infrastructure Security Agency said it was supporting "several" agencies fighting against the hacks but did not answer specific questions in an emailed statement.
“CISA is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications. We are working urgently to understand impacts and ensure timely remediation," said Eric Goldstein, CISA's Executive Assistant Director for Cybersecurity.
MOVEit is a file-sharing service similar to Dropbox or Google Drive. The software encrypts the files, making them difficult to intercept before they reach their intended destination.
The vulnerability that allowed the government agencies to be hacked is a known one, which the application's developer, Progress, released a patch for on June 9.
Progress first identified the vulnerability in late May, the company said, and developed a patch shortly after. On June 9, a second patch for unrelated backdoors in the software, found during a review of the first vulnerability, was released.
In their information page about the vulnerabilities, Progress said all MOVEit customers needed to apply the newest patch to protect their systems. It's unclear whether any of the federal agencies affected in the cyberattack had begun the update process.
The culprit behind the attack hasn't been publicly identified.
CNN reported that the newest attacks add to a growing list of hacks against major U.S. universities and state governments in recent weeks. According to their reporting, the "sprawling hacking campaign" began about two weeks ago.
A Russian-speaking hacking group known as CLOP claimed credit for some of the previous hacks, according to CNN. But it's unclear if the same group is responsible for the federal attacks, because experts believe other groups may have access to the code needed to execute the hacks.
According to CNN, CLOP had given the agencies it attacked until Wednesday to contact them about paying a ransom for the return of their data on a dark web extortion site. As of Thursday, that website did not list any federal U.S. agencies among its victims.