MASS HACK MEANS YOU MIGHT NOT BE YOU

June 16, 2023 - Durt Fibo

A super-tsunami of hacking attacks breached the US Department of Energy yesterday, and today nabbed the data on 4.6 million people at the Louisiana Department of Motor Vehicles and 3.5 million at Oregon's. Beyond the federal Energy Department itself, subcontracting and partnered science and technology firms and agencies were breached, including at least one engaged in the disposal of defense-related nuclear waste, and the American Cybersecurity and Infrastructure Security Agency says that multiple other federal government agencies were hacked. Also penetrated were Johns Hopkins University, the Johns Hopkins Health System, the University of Georgia, and Shell.

Information is now being verified on earlier hacks in the U.K. that raided British Airways, Aer Lingus, the BBC, Ernst & Young, Boots pharmacies, and the governmental Office of Communications (Ofcom).

The mass hack was achieved by breaching software called MOVEit, which was sold as being designed to move sensitive files (including virtually all personal data, even up to bank account details) securely. Thus, as pitched, it is currently in use globally, including, for another example, by the payroll provider Zellis.

With an admixture of traces and their own boasts, culpability is being attributed to Clop, a Russian extortion group. Every individual connected (even unwittingly) with the U.S. hacks is now officially “at risk.” The DMVs’ alerts uselessly advise all those people to immediately try to save themselves by pleading for info from the three privately owned credit agencies, but give no remedy for all the many other abuses of personal data the hack can bring down on them. Jurisdiction for this falls to the FBI, specifically its Cyber Division.

Clop is a forward site intertwined with Lace Tempest (sometimes called Storm-0950), a ransomware operation affiliated with FIN11, TA505, and Evil Corp. FIN11 is a cybercriminal group that has been active since at least 2016, with attacks emanating from the Commonwealth of Independent States (CIS), which is the political rump of the former Soviet Union. Old hands at phishing, they have moved with the times to run high-volume operations mainly targeting companies in North America and Europe for data theft and ransomware, with an abiding attraction to pharmaceutical and other health care sectors. According to the US Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3), this piratical jumble is responsible for over 2,000 “instances,” chiefly in the U.S., and at least 128 MOVEit hacks in the U.K. That assessment was as of last Thursday. Furthermore, HC3 and independent security sentinels emphasize that the hackers are “behind multiple high-profile, widespread intrusion campaigns leveraging zero-day vulnerabilities,” and that “It is likely that FIN11 has access to the networks of far more organizations than they are able to successfully monetize, and choose if exploitation is worth the effort based on the location of the victim, their geographical location, and their security posture.”

For those who were unaware of its presence in their (past) lives, I can easily explain: MOVEit is a managed file transfer product from Progress Software for automated, high-volume, HIPAA- and GDPR-compliant transfers, used by everyone from government agencies to mundane businesses to health care providers and countless organizations which store personal identity data for no justifiable reason. Vulnerabilities have been identified, at least since May, in the MOVEit Transfer and MOVEit Cloud systems, according to reports from the Cybersecurity and Infrastructure Security Agency (CISA) and from Progress Software itself, which owns MOVEit. The latest patch for MOVEit Cloud users was released on June 9, just one week ago.

Say goodbye to yourself.