Russian Cl0p Operatives Hit U.S. Federal Agencies in Widespread Cyberattack

A number of U.S. government agencies have been hit by the same Cl0p Russian ransomware group that conducted the MoveIT operation last week, again exploiting the popular large file transfer system to access records and documents.

According to reports, state agencies and businesses have also been undermined by the attack. TechCrunch has reported that Cl0p has listed on its dark web site multiple financial organizations, other businesses and universities as victims of the campaign.

U.S. Department of Energy Among Victims

While it's unclear the total number of U.S. government agencies that have been hit by the campaign, the Department of Energy confirmed it was among those impacted, with two of its entities compromised. The Transportation Security Administration and the State Department said neither agency had been victimized by the operation.

Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), the nation’s cyber central, said the break-in was mostly “opportunistic,” did not involve “high value information” and was not widespread. As she explained:

“Although we are very concerned about this campaign, this is not a campaign like SolarWinds that poses a systemic risk,” Easterly said, referencing the 2021 Russia-linked supply chain attack that hit 11 U.S. agencies and hundreds of businesses worldwide by leveraging managed service providers to gain network access.

Read the full story at

Jessica C. Davis

Jessica C. Davis is editorial director of CyberRisk Alliance’s channel brands, MSSP Alert, MSSP Alert Live, and ChannelE2E. She has spent a career as a journalist and editor covering the intersection of business and technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor where she was one of the original editors running the MSP 501.