The personal information of countless Americans has been compromised in a widespread cyber attack on a global scale


Late on Thursday, state agencies confirmed that millions of individuals in Louisiana and Oregon have fallen victim to a widespread cyberattack, which has also targeted the US federal government. The breach has specifically affected approximately 3.5 million Oregon residents possessing driver’s licenses or state ID cards, as well as individuals in Louisiana with the same documentation. On Friday, Casey Tingle, a senior official in the Louisiana governor’s office, disclosed that over 6 million records were compromised. However, this number includes duplicates due to some individuals possessing both driver’s licenses and vehicle registrations.

Although the states did not attribute blame to any specific entity for the cyberattack, federal officials have connected this breach to a Russian ransomware group as part of a larger hacking campaign exploiting the same vulnerability. The hackers took advantage of a security flaw in MOVEit, a widely used file-transfer software developed by Progress Software, based in Massachusetts.

The impact of the hack extends beyond the United States, with hundreds of organizations worldwide likely experiencing data exposure as a result of the hackers leveraging the security flaw to infiltrate networks in recent weeks. It was initially reported that multiple US federal agencies, including the Department of Energy, were breached. Sources also said that the US Office of Personnel Management was affected by this extensive cyberattack. However, none of the federal agency breaches thus far have been deemed severe.

US officials have characterized this cyberattack as an opportunistic and financially motivated breach that has not caused significant disruptions to agency services.

Number of individuals affected by the cyberattack continues to increase

On Friday afternoon, the list of confirmed victims expanded as multinational consulting firm Aon said that hackers had accessed files related to a limited number of its clients in the MOVEit breach. Other prominent organizations, including the BBC, British Airways, and the University of Georgia, have also been affected by the breach.

The compromised data from the Oregon and Louisiana motor vehicle departments may include Social Security numbers and driver’s license numbers, leading state authorities to provide guidance to residents on safeguarding themselves against identity fraud.

There is currently no indication that the hackers have sold or released the stolen data from the Louisiana Office of Motor Vehicles, and they have not made contact with the state government, as stated by the office of Louisiana Governor John Bel Edwards.

As the weekend approaches, US officials and corporate executives across the nation are actively searching for signs of stolen data and working to prevent the hackers from extorting their victims.

To fully comprehend the extent and potential consequences of the breach, experts emphasize the importance of examining not only technical and security data related to vulnerable software installations but also business relationships, such as contracts. Munish Walther-Puri, senior director of critical infrastructure at consultancy Exiger, highlights the need to understand the severity and future implications of the situation.

US cybersecurity officials have instructed federal agencies to implement updates provided by Progress Software. However, the recovery process faced complications on Thursday when a new vulnerability in the software was discovered, prompting urgent efforts by the company to address it.

The Russian-speaking hacker group known as Clop has claimed responsibility for the breach. While they are known to demand multimillion-dollar ransoms, both US and state governments assert that they have not received any ransom demands. The hackers seem to be targeting companies that are more likely to pay, adding the names of alleged victims to their dark-web platform to exert pressure.

Another federal agency has been targeted in the cyberattack

According to current and former US officials who are knowledgeable about the situation, the Office of Personnel Management (OPM) is among the numerous federal agencies that have been impacted by the extensive cyberattack. The exact nature and scope of the data affected within the OPM’s custody are still under investigation. The agency is responsible for managing human resources, retirement, and various services for the extensive federal workforce.

The Biden administration has prioritized a swift response to cyber incidents, as highlighted by Adam Hodge, a spokesperson for the National Security Council. In a recent statement, Hodge referred to a public advisory issued by federal agencies, aimed at aiding affected companies and government entities in promptly identifying and addressing vulnerabilities.

Hackers are displaying a high level of aggressiveness in their actions

According to an individual with direct knowledge of negotiations between the hackers known as Clop and their victims, the hackers have exhibited an extremely aggressive approach, even making a demand of over $100 million from one targeted corporation. However, such an audacious amount was deemed unacceptable and not pursued.

The source, speaking anonymously due to the lack of authorization to speak to the press, emphasized the hackers’ aggressive tactics during the negotiation process, which aimed to extort the victims.

A senior US official informed reporters on Thursday that “several hundred” companies and organizations in the United States could potentially be impacted by this hacking spree. This situation presents yet another challenge for the US government as it endeavors to effectively respond to a cyber incident that may require months to fully comprehend.

However, given the rise in ransomware attacks throughout 2021 and the preparedness for potential Russian cyberattacks surrounding the invasion of Ukraine, as well as other significant cyber threats, the FBI and the US Cybersecurity and Infrastructure Security Agency are considered to be in a relatively advantageous position to handle an influx of notifications and provide assistance. Jeff Greene, formerly a senior cyber official at the National Security Council and currently serving as the senior director of the Aspen Institute’s cybersecurity program, noted the improvement in the agencies’ response capabilities based on his firsthand experience.