Several US federal government agencies and 'several hundred' companies and organizations in the US have been impacted by a global cyberattack attributed to the Russian cybercriminal gang, Clop. Utilizing a vulnerability in the widely used MOVEit software, developed by Progress Software, the attackers have compromised sensitive data. Although the Department of Energy confirmed breaches within two of its entities, significant impacts on federal civilian agencies have not been reported. This cyberattack campaign, which began two weeks ago, has affected major US universities and state governments, highlighting the ongoing challenge of ransomware attacks. The situation is exacerbated by the discovery of a second vulnerability within the MOVEit software, prompting Progress Software to work urgently on a patch and take MOVEit Cloud offline to secure customer environments.
Source: https://www.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/index.html
TPRM report: https://scoringcyber.rankiteo.com/company/progress-software
"id": "pro504050624",
"linkid": "progress-software",
"type": "Vulnerability",
"date": "05/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Government',
'location': 'USA',
'name': 'US Federal Government Agencies',
'type': 'Government'},
{'industry': 'Education',
'location': 'USA',
'name': 'Major US Universities',
'type': 'Educational Institutions'},
{'industry': 'Government',
'location': 'USA',
'name': 'State Governments',
'type': 'Government'}],
'attack_vector': 'Vulnerability in MOVEit software',
'data_breach': {'type_of_data_compromised': 'Sensitive data'},
'description': "Several US federal government agencies and 'several hundred' "
'companies and organizations in the US have been impacted by a '
'global cyberattack attributed to the Russian cybercriminal '
'gang, Clop. Utilizing a vulnerability in the widely used '
'MOVEit software, developed by Progress Software, the '
'attackers have compromised sensitive data. Although the '
'Department of Energy confirmed breaches within two of its '
'entities, significant impacts on federal civilian agencies '
'have not been reported. This cyberattack campaign, which '
'began two weeks ago, has affected major US universities and '
'state governments, highlighting the ongoing challenge of '
'ransomware attacks. The situation is exacerbated by the '
'discovery of a second vulnerability within the MOVEit '
'software, prompting Progress Software to work urgently on a '
'patch and take MOVEit Cloud offline to secure customer '
'environments.',
'impact': {'data_compromised': 'Sensitive data'},
'initial_access_broker': {'entry_point': 'MOVEit software vulnerability'},
'motivation': 'Financial gain and data theft',
'post_incident_analysis': {'corrective_actions': 'Patch development and '
'MOVEit Cloud taken offline',
'root_causes': 'Vulnerability in MOVEit software'},
'ransomware': {'ransomware_strain': 'Clop'},
'response': {'remediation_measures': 'Patch development and MOVEit Cloud '
'taken offline'},
'threat_actor': 'Clop',
'title': 'Global Cyberattack by Clop Gang Targeting US Federal Agencies and '
'Organizations',
'type': 'Ransomware Attack',
'vulnerability_exploited': 'MOVEit software vulnerability'}