Cl0p MOVEit Cyberattack hits U.S. Federal Agencies


In a disquieting development, a Russian-speaking hacking group obtained the work email addresses of approximately 632,000 U.S. federal employees. The affected departments included the Defense and Justice Departments, among others.

The attack, which exploited vulnerabilities in the MOVEit file transfer program, underscores the rising cybersecurity threats faced by government organizations, particularly through the third-party vendors they rely on.

Anatomy of the MOVEit Attack

According to the U.S. Office of Personnel Management (OPM), the cybercriminals exploited flaws in MOVEit, a widely used file-transfer utility. Federal cybersecurity officials had previously confirmed that various government agencies were compromised, but the specific agencies affected were not disclosed until now.

The OPM report divulges that the data obtained by the unauthorized actors included not only government email addresses but also links to surveys managed by OPM and internal tracking codes.

The hack spanned across multiple sectors of the Defense Department, including the Air Force, Army, U.S. Army Corps of Engineers, and the Office of the Secretary of Defense.

Impact and Risk Assessment

Despite the scale of the intrusion, the OPM characterized the incident as “generally of low sensitivity” and non-classified.

OPM termed the attack a “major incident” but also stated that it didn’t pose a significant risk. This nuanced assessment raises questions about the criteria used to evaluate the risk of cyberattacks on federal systems.


The Culprits Behind the MOVEit Breach

The hacking gang known as Clop, or Cl0p, is implicated in the MOVEit attack. Brett Callow, a threat analyst at cybersecurity firm Emsisoft, reported that the wider MOVEit campaign impacted more than 2,500 organizations.

Among the affected entities are government services provider Maximus Inc. and the Louisiana Office of Motor Vehicles.

Vendor Vulnerabilities: The Role of Westat Inc.

The attack vector in this case was the MOVEit file transfer program as deployed by vendor Westat Inc., which administers the Federal Employee Viewpoint Survey on OPM's behalf. The report states there was “no indication” that the unauthorized users accessed any of the survey links contained in the stolen data. The incident raises an alarming question about the security protocols followed by the third-party vendors that federal agencies rely on.

Post-Incident Response and Mitigation

Progress Software Corp., the maker of MOVEit, announced that it had initiated measures to mitigate the fallout of the cyberattack. Westat also conducted an exhaustive investigation, collaborating with third-party experts to assess and enhance the security of its systems.

Unanswered Questions and Future Implications

The MOVEit attack serves as a grim reminder that government data can be exposed without the government's own systems ever being breached: here the compromise occurred at a vendor. It accentuates the role of third-party vendors in potentially compromising security. As cyber threats evolve, it’s crucial for federal agencies to ramp up their cybersecurity measures and rigorously scrutinize the security postures of their vendors.

In light of this, one can’t help but ponder the future of cybersecurity in the government sector. With attackers becoming increasingly sophisticated, can federal agencies keep up? Only time will tell, but one thing is clear: the MOVEit incident is not an isolated event but a cautionary tale in an era fraught with cyber risks.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence. Reza dedicates his work to bolstering digital defenses and promoting cyber awareness.
