The US Cybersecurity and Infrastructure Security Agency
(CISA) said several federal bodies had experienced intrusions following the
discovery of a weakness in the file transfer software MOVEit, Eric Goldstein,
the agency's executive assistant director for cybersecurity, said in a
statement.
"We are working urgently to understand impacts and
ensure timely remediation," he said. CNN first reported on the statement.
CISA did not identify the agencies that were hit or say
exactly how they had been affected. It did not immediately respond to requests
seeking further comment. The FBI and National Security Agency also did not
immediately respond to emails seeking details on the breaches.
The United States does not expect any "significant
impact" from the breach, CISA Director Jen Easterly told MSNBC.
MOVEit, made by Progress Software, is typically used by
organizations to transfer files between their partners or customers. Progress
shares fell 4 percent.
It could be used by a financial institution that requires
their customers to upload their data to apply for a loan, John Hammond, a
senior researcher at the security firm Huntress, said earlier this month.
"There's a whole lot of potential for what an adversary
might be able to get into," he said.
The online extortion group Cl0p, which has claimed credit
for the MOVEit hack, has previously said it would not exploit any data taken
from government agencies.
"IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT
WORRY, WE ERASED ALL YOUR DATA," the group said in a statement on its
website.
Neither Cl0p nor Progress immediately responded to requests
for comment. © Reuters