Government institutions and prominent organizations throughout the world have been subjected to a wave of cyberattacks after a critical vulnerability in the MOVEit file-transfer tool was exploited by hackers.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to that effect, indicating that the attacks are still ongoing, and that the full breadth of the breach is unknown. On May 31, Progress Software uncovered a vulnerability that allows unauthorized access to MOVEit systems, letting attackers to steal private data, install malicious software, or disrupt vital operations.
Investigations have revealed that several prominent organizations, including the Minnesota Department of Education, Ofcom (the United Kingdom’s telecommunications regulator), Nova Scotia’s health authority, British Airways, the BBC, John Hopkins, the Boots pharmacy chain, and the Department of Energy, have fallen prey to this attack.
Jen Easterly, the CISA’s director, noted that the CISA, Progress Software, the FBI, and government partners are collaborating closely to assess the effect of the vulnerability, and that the CISA is now assisting multiple impacted agencies with MOVEit application invasions. Easterly further assured that it is not as large as the SolarWinds campaign and does not represent an immediate danger to national security or the country’s network.
The sources for this piece include articles in Axios and TheRegister.