A number of U.S. government agencies have been hit by Cl0p, the same Russian ransomware group that conducted the MOVEit operation last week, again exploiting the popular large file transfer system to access records and documents.
According to reports, state agencies and businesses have also been affected by the attack. TechCrunch has reported that Cl0p has listed multiple financial organizations, other businesses and universities on its dark web site as victims of the campaign.
U.S. Department of Energy Among Victims
While the total number of U.S. government agencies hit by the campaign is unclear, the Department of Energy confirmed it was among those impacted, with two of its entities compromised. The Transportation Security Administration and the State Department said neither agency had been victimized by the operation.
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), the nation’s cyber central, said the break-in was mostly “opportunistic,” did not involve “high value information” and was not widespread.
“Although we are very concerned about this campaign, this is not a campaign like SolarWinds that poses a systemic risk,” Easterly said, referencing the 2021 Russia-linked supply chain attack that hit 11 U.S. agencies and hundreds of businesses worldwide by leveraging managed service providers to gain network access.