A global cyberattack targeting US federal government agencies and companies exploited a vulnerability in MOVEit software, made by Progress Software. The breach, orchestrated by Russian cybercriminals, affected the Department of Energy, including specific entities like Oak Ridge Associated Universities and a contractor for the Department of Energy's Waste Isolation Pilot Plant in New Mexico. While no ransom demands were reported to federal agencies, the potential for significant data loss and disruption is evident. The attackers, belonging to the ransomware gang Clop, threatened to leak sensitive data if ransoms were not paid, posing a significant threat to financial, personal, and national security information. Johns Hopkins University and Georgia's state-wide university system are among the victims, indicating the breach's extensive impact on educational institutions, government entities, and potentially critical infrastructure.
Source: https://www.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/index.html
TPRM report: https://scoringcyber.rankiteo.com/company/progress-software
"id": "pro205050824",
"linkid": "progress-software",
"type": "Breach",
"date": "06/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Energy',
                        'location': 'United States',
                        'name': 'Department of Energy',
                        'type': 'Government Agency'},
                       {'industry': 'Education',
                        'location': 'United States',
                        'name': 'Oak Ridge Associated Universities',
                        'type': 'Educational Institution'},
                       {'industry': 'Energy',
                        'location': 'New Mexico',
                        'name': "Contractor for the Department of Energy's "
                                'Waste Isolation Pilot Plant',
                        'type': 'Government Contractor'},
                       {'industry': 'Education',
                        'location': 'United States',
                        'name': 'Johns Hopkins University',
                        'type': 'Educational Institution'},
                       {'industry': 'Education',
                        'location': 'Georgia',
                        'name': "Georgia's State-Wide University System",
                        'type': 'Educational Institution'}],
 'attack_vector': 'Vulnerability in MOVEit Software',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Sensitive Data',
                                              'Financial Information',
                                              'Personal Information',
                                              'National Security Information']},
 'description': 'A global cyberattack targeting US federal government agencies '
                'and companies exploited a vulnerability in MOVEit software, '
                'made by Progress Software. The breach, orchestrated by '
                'Russian cybercriminals, affected the Department of Energy, '
                'including specific entities like Oak Ridge Associated '
                "Universities and a contractor for the Department of Energy's "
                'Waste Isolation Pilot Plant in New Mexico. While no ransom '
                'demands were reported to federal agencies, the potential for '
                'significant data loss and disruption is evident. The '
                'attackers, belonging to the ransomware gang Clop, threatened '
                'to leak sensitive data if ransoms were not paid, posing a '
                'significant threat to financial, personal, and national '
                "security information. Johns Hopkins University and Georgia's "
                'state-wide university system are among the victims, '
                "indicating the breach's extensive impact on educational "
                'institutions, government entities, and potentially critical '
                'infrastructure.',
 'impact': {'data_compromised': ['Sensitive Data',
                                 'Financial Information',
                                 'Personal Information',
                                 'National Security Information'],
            'systems_affected': ['MOVEit Software']},
 'initial_access_broker': {'entry_point': 'MOVEit Software Vulnerability',
                           'high_value_targets': ['Department of Energy',
                                                  'Educational Institutions']},
 'motivation': 'Financial Gain, Data Theft',
 'post_incident_analysis': {'root_causes': 'Vulnerability in MOVEit Software'},
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': 'Yes',
                'ransomware_strain': 'Clop'},
 'threat_actor': 'Clop Ransomware Gang',
 'title': 'Global Cyberattack on US Federal Agencies and Companies via MOVEit '
          'Software',
 'type': 'Ransomware Attack',
 'vulnerability_exploited': 'MOVEit Software Vulnerability'}