U.S. Energy Department and Other Federal Agencies Hit by Russian Cyber Attack
As the country is swamped with ‘Pride Month’ antics and our government focuses on ridiculous claims of domestic threats, there have been a couple of significant cyber security incidents involving China and Russia.
A security firm is claiming that Chinese spies have hacked into hundreds of private and public networks around the world.
Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organizations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday.
“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in an emailed statement. That hack compromised tens of thousands of computers globally.
…Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ Email Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.” It said the activivity [sic] began as early as October.
The hackers sent emails containing malicious file attachments to gain access to targeted organizations’ devices and data, Mandiant said. Of those organizations, 55% were from the Americas, 22% from Asia Pacific and 24% from Europe, the Middle East and Africa and they included foreign ministries in Southeast Asia, foreign trade offices and academic organizations in Taiwan and Hong Kong, the company said.
The report said hackers targeted email to engage in “espionage activity in support of the People’s Republic of China.” A Chinese spokesperson says the accusation is “far-fetched.”
“The relevant content is far-fetched and unprofessional,” said the Chinese spokesperson, Wang Wenbin.
“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the U.S. government’s political smear against other countries,” Wang said.
Add to this the fact that the U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software.
Data was “compromised” at two entities within the energy department when hackers gained access through a security flaw in MOVEit Transfer, the department said in a statement.
A DOE official said those entities were the DOE contractor Oak Ridge Associated Universities, and the Waste Isolation Pilot Plant – the New Mexico-based facility for disposal of defense-related nuclear waste.
British energy giant Shell (SHEL.L), the University System of Georgia, the Johns Hopkins University and the Johns Hopkins Health System were also hit, all three groups said in separate statements. The latter is a nonprofit that collaborates with the university and runs six hospitals and primary care centers.
The new victims add to a growing list of entities in the U.S., Britain and other countries whose systems were infiltrated through the MOVEit Transfer software. The hackers took advantage of a security flaw that its maker, Progress Software (PRGS.O), discovered late last month.
Reports indicate Russian cybercriminals were behind this cyber attack.
Clop, the ransomware gang allegedly responsible, is known to demand multimillion-dollar ransoms. But no ransom demands have been made of federal agencies, the senior official told reporters in a background briefing.
… CLOP last week claimed credit for some of the hacks, which have also affected employees of the BBC, British Airways, oil giant Shell, and state governments in Minnesota and Illinois, among others.
The Russian hackers were the first to exploit the MOVEit vulnerability, but experts say other groups may now have access to software code needed to conduct attacks.
The ransomware group had given victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their extortion site on the dark web. As of Thursday morning, the dark website did not list any US federal agencies. Instead, the hackers wrote in all caps, “If you are a government, city or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information.”
The CLOP ransomware group is one of numerous gangs in Eastern Europe and Russia that are almost exclusively focused on wringing their victims for as much money as possible.
Perhaps those in the federal government should take a few moments from their transgender celebrations and their virulent attacks on American patriots and their families to focus on more significant and genuine threats to our life, liberty, and security.