Progress Software
Several US federal government agencies and 'several hundred' companies and organizations in the US have been compromised in a global cyberattack leveraging a vulnerability in MOVEit, a widely used data transfer software made by Progress Software. Russian cybercriminals, associated with the ransomware gang Clop, have exploited this vulnerability without making specific ransom demands from federal agencies yet. Progress Software identified a second vulnerability in the aftermath, leading to urgent remediation efforts. The Department of Energy confirmed breaches in two of its entities, including Oak Ridge Associated Universities and a contractor related to the Waste Isolation Pilot Plant in New Mexico. Additionally, notable victims like Johns Hopkins University and Georgia’s state-wide university system have reported potential theft of sensitive data due to the hack. This incident underscores the critical nature of software vulnerabilities and the broad, opportunistic approach of cybercriminals targeting essential services and sensitive information.
Source: https://www.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/index.html
"id": "pro304050624",
"linkid": "progress-software",
"type": "Cyber Attack",
"date": "05/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"