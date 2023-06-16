



The US Cyber ​​Surveillance Agency said it was still working to identify the impact of the hacking campaign.

Several U.S. government agencies have been hit in a global hacking campaign that exploited a vulnerability in widely used software, the U.S. Cyber ​​Surveillance Agency said Thursday.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said multiple federal agencies experienced intrusions following the discovery of a weakness in file transfer software MOVEit, said Eric Goldstein, executive deputy director from the cybersecurity agency, in a press release.

We are working urgently to understand the impacts and ensure timely remediation, he said.

CISA did not immediately return emails from Reuters news agency seeking further comment. The FBI and the US National Security Agency also did not immediately return emails requesting details of the breaches.

The United States does not expect any significant impact from a cyberattack that hit its government agencies, Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, told MSNBC.

The agency was working to fully understand the impact of the attacks and to coordinate with other agencies to provide remediation, Easterly said.

Right now, we are quickly focusing on federal agencies that may be impacted and working hand-in-hand with them to be able to mitigate that risk, she said.

MOVEit, manufactured by Progress Software Corp, is typically used by organizations to transfer files between their partners or customers.

It could be used by a financial institution that forces its customers to upload their data to apply for a loan, John Hammond, principal researcher at security firm Huntress, said earlier this month.

There’s a lot of potential for what an opponent might be able to get in, he said.

Online extortion group Cl0p, which claimed responsibility for the MOVEit hack, has previously said it will not mine any data from government agencies.

IF YOU ARE A GOVERNMENT, CITY OR POLICE DEPARTMENT DON’T WORRY WE HAVE ERASED ALL YOUR DATA, the group said in a statement posted on its website.

Neither Cl0p nor Progress immediately responded to Reuters requests for comment.

Earlier this month, US and UK cybersecurity officials warned that a Russian cyber extortion gang had hacked MOVEit and it would have a global impact as the file transfer program was popular with businesses. Zellis, a leading payroll service provider in the UK which serves British Airways, the BBC and hundreds of others, was among the users affected. UK chemicals chain Boots was also affected.

Microsoft last month accused Chinese state-sponsored hackers of carrying out attacks on critical infrastructure in the United States.

