Russian hackers say they hit the University of Missouri

ST. LOUIS — A Russian hacking group on Friday said the University of Missouri System was among dozens of its victims in a global cyberattack.

It’s the latest development since the federal Cybersecurity and Infrastructure Security Agency, or CISA, warned earlier this month that the “CL0P” ransomware gang had begun exploiting a vulnerability in online file-transfer software that is widely used by businesses.

This screenshot made by Curated Intel shows a list of victims posted Friday on the CL0P data leak site.

“We are aware of the announcement from CL0P,” Christian Basi, a spokesman for the UM System, said in an email. 

The exploited software, called “MOVEit Transfer,” is made by the Massachusetts-based company Progress Software. It allows users to send files securely.

“We’re investigating an IT issue that could be a potential security breach,” Basi added later, “and the MOVEit software is involved in that investigation.”


Basi said the university became aware of the issue in early June. Because the software is used on multiple campuses, but not by all departments, the investigation will encompass the entire UM System, he said.

He said he couldn’t provide further details while the investigation was underway.

Webpages for the UM System and the University of Missouri-St. Louis show that the UM System used the popular file-sharing software, the Post-Dispatch found.

Confirmed victims so far include the U.S. Department of Energy, Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation and the British Broadcasting Company among others, according to The Associated Press.

Cybersecurity officials in Missouri and Illinois have said they are investigating potential impacts from the cyberattack in their states, with Illinois’ Department of Innovation and Technology warning last Friday that “a large number of individuals could be impacted.”

Missouri’s Office of Administration said Tuesday it would notify the public “as quickly as possible” once its investigation identified anyone who might have been impacted by the cyberattack.

CISA Director Jen Easterly told reporters on Thursday that unlike the meticulous, stealthy SolarWinds hacking campaign attributed to state-backed Russian intelligence agents that was months in the making, this campaign was short, relatively superficial and caught quickly.

“Based on discussions we have had with industry partners … these intrusions are not being leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high value information — in sum, as we understand it, this attack is largely an opportunistic one,” Easterly said.

A senior CISA official told The Associated Press that neither the U.S. military nor intelligence community were affected. Energy Department spokesperson Chad Smith said two agency entities were compromised but did not provide more detail.

The CL0P ransomware syndicate announced last week on its dark website that its victims, who it suggested numbered in the hundreds, had until Wednesday to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online.

The gang, among the world’s most prolific cybercrime syndicates, also claimed it would delete any data stolen from governments, cities and police departments.

Progress Software alerted its customers to the MOVEit vulnerability on May 31 and issued a patch. But cybersecurity researchers told The Associated Press that scores if not hundreds of companies could by then have had sensitive data quietly stolen.

The Associated Press contributed to this report.
