US Energy Dept., Other Agencies Hacked

U.S. security officials say the U.S. Energy Department and several other federal agencies have been hacked by a Russian cyber-extortion gang.

Homeland Security officials said Thursday the agencies were caught up in the hacking of MOVEit  Transfer, a file-transfer program that is popular with governments and corporations.

The Energy Department said two of its entities were “compromised” in the hack.

The Russia-linked extortion group CI0p, which claimed responsibility for the hacking, said last week on the dark web site that its victims had until Wednesday to negotiate a ransom or risk having sensitive information dumped online.  It added that it would delete any data stolen from governments, cities and police departments.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said while the intrusion was “largely an opportunistic one” that was superficial and caught quickly, her agency was “very concerned about this campaign and working on it with urgency.”

Reuters reports that the Britain’s Shell Oil Company, the University of Georgia, Johns Hopkins University and the Johns Hopkins Health System were also among those targeted in the hacking campaign. The Associated Press quoted a senior CISA official as saying U.S. military and intelligence agencies were not affected.

MOVEit said it is working with the federal agencies and its other customers to help fix their systems.

Information for this report was provided by The Associated Press and Reuters.  

leave a reply