Several US government agencies have been hacked through an FTP (file transfer protocol) exploit discovered in several popular corporate file-sharing services.
The Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday it is continuing to investigate the scope of the hack.
“CISA is providing support to several federal agencies that have experienced intrusions,” Eric Goldstein, the agency’s executive assistant director said. “We are working urgently to understand impacts and ensure timely remediation.”
The hackers utilized an exploit in MOVEIt, an FTP tool used for fast file transfers over networks. But the hacker group known as Cl0p had been using exploits in a similar FTP tool called GoAnywhere FTP in previous months and Accellion’s file transfer application in 2021.
The comment on Thursday from the CISA is the first confirmation that US government agencies are part of that group. It is unknown at this time if the government documents obtained by Cl0p were sensitive in nature or not.
Cl0p has published a list of organizations, not including US government agencies, demanding ransom payments to delete the data. The letter demands payment by June 14, though no data has been released yet. One organization, GreenShield Canada, a health and dental benefits non-profit, was listed on the site but has since been removed. It is not known if GreenShield paid the ransom or if the organization was removed for some other reason.
Other companies hit by the hack include BBC, British Airways, the Government of Nova Scotia, First National Bankers Bank and dozens more. John Hopkins University confirmed a hack it believes is related to the MOVEIt exploit, noting that it “may have impacted sensitive personal and financial information,” including names, contact information, and health billing records.
Some security experts have been encouraging companies to jettison all FTP applications.
Other government agencies outside of the CISA have yet to comment publicly on the hack.