Russian Hackers Accessed Hundreds Of Thousands Of US Gov’t Email Addresses, Report Says

Micaela Burrow, Investigative Reporter, Defense

Russian-speaking hackers obtained the email addresses of more than 600,000 employees at the Department of Justice (DOJ) and Department of Defense (DOD) in an expansive hack last spring, according to Bloomberg.

A hacking group, likely one known as Cl0p, accessed government email addresses, links to government employee surveys and internal Office of Personnel Management (OPM) employee tracking codes for DOJ and DOD, according to a report OPM submitted to the House Science, Space and Technology Committee and obtained by Freedom of Information Act request, Bloomberg reported. Other agencies had previously acknowledged falling victim to the massive attack exploiting a vulnerability in MOVEit, a file transfer tool, in the spring of 2023.

The hack affected various branches within DOD, including the Office of the Secretary of Defense, Air Force, Army, U.S. Army Corps of Engineers, Joint Staff and other defense agencies and field activities, Bloomberg reported, citing the eight-page OPM report.

OPM characterized the breach as a “major incident” but said the information the threat actors obtained was “generally of low sensitivity” and did not pose a major threat, according to Bloomberg.

The report said there was “no indication” any unauthorized person accessed any of the links to surveys leaked in the breach, according to Bloomberg.

Hackers reached the information by exploiting a weakness in the code for the MOVEit file transfer service used by Westat Inc., with which OPM contracts for administering Federal Employee Viewpoint Surveys, Bloomberg reported.

The Department of Health and Human Services, Department of Agriculture, General Services Administration and Department of Energy confirmed this summer that email addresses and other information fell into the hands of the threat actor. Cl0p demanded a ransom from the Energy Department after two of its sub-agencies were compromised as part of the massive hacking campaign.

Cl0p likely targeted more than 2,500 government and private organizations, Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said, according to Bloomberg.

CISA director Jen Easterly confirmed that a ransomware group calling itself Cl0p orchestrated the massive attack but said the breaches would not pose a “systemic risk” to national security or U.S. networks.

Cybersecurity researchers believe Cl0p became active in 2014 but began ransoming organizations in 2019 and operates with the unspoken backing of the Russian government, according to CBS and cyber threat analysts.

Progress Software Corp., MOVEit’s parent company, told Bloomberg it is working to mitigate impacts of the breach.

The DOD and DOJ did not immediately respond to the Daily Caller News Foundation’s request for comment.
