Pierluigi Paganini November 02, 2023

Clop ransomware gang gained access to the email addresses of more than 632K US federal employees at the departments of Defense and Justice.

Russian-speaking Clop ransomware group gained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice. The security breach is the result of the MOVEit hacking campaign that took place this summer. The MOVEit campaign also targeted additional US agencies, including the Department of Health and Human Services, the Department of Agriculture, and the General Services Administration.

The news of the attacks on the government departments was reported by federal cybersecurity officers to the House Science, Space and Technology Committee in July.

A report written by the US Office of Personnel Management, and obtained through a Freedom of Information Act request, provides more details about the attacks.

“The Office of Personnel Management, in a July report on the incident submitted to a congressional committee, said an unauthorized actor obtained access to government email addresses, links to government employee surveys administered by OPM and internal OPM tracking codes.” states Bloomberg. “The impacted employees were at the Department of Justice and various parts of the Defense Department: the Air Force, Army, US Army Corps of Engineers, the Office of the Secretary of Defense, the Joint Staff and Defense Agencies and Field Activities.“

The Office of Personnel Management labeled the security breach as a “major incident,” however, at the time the government agency downplayed the risk of homeland security because the compromised data was “generally of low sensitivity” and not classified.

The report confirmed that attackers gained access to the data by exploiting the MOVEit flaw in a system used by Westat Inc., which is a service provider of OPM.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)