Wednesday, December 18, 2024

U.S. Department of Energy targeted in cyber attack

Oil Price


The U.S. Department of Energy was among several federal agencies that got targeted by hackers in a global cyberattack this week. In a statement cited by Reuters, the DoE said that the hackers used a vulnerability in a file-sharing software program to carry out the attack.

 

U.S. Department of Energy targeted in cyber attack- oil and gas 360
Source: Reuters

The attack used a weak spot in the MOVEIt file transfer software that its makers from Progress Software only discovered last month. This second attack was made possible by a second newly discovered vulnerability in the software.

The department also noted that the attackers got access to data from two related entities: a contractor, Oak Ridge Associated Universities, and a New Mexico facility for the disposal of nuclear waste generated by the defense industry.

Besides the Department of Energy, Reuters said that Shell was also a target of the cyber attackers, along with Johns Hopkins University and Johns Hopkins Health System, as well as the University System of Georgia.

Earlier this month, another attack was carried out on a multitude of targets in the UK and the United States, with a Russian-linked hacker group dubbed Cl0p claiming responsibility for it.

Following the latest attack, CNN cited the U.S. Cybersecurity and Infrastructure Security Agency as saying the same group was behind that attack as well. However, unlike they usually do, the attackers have not asked for a ransom, the report noted.

“We have communicated with customers on the steps they need to take to further secure their environments and we have also taken MOVEit Cloud offline as we urgently work to patch the issue,” Progress Software told CNN.

“At this time, we are not tracking any significant impacts to the federal civilian executive branch (.gov) enterprise but are continuing to work with our partners on this issue,” the Cybersecurity and Infrastructure Security Agency said, as quoted by Reuters.

Private cybersecurity experts estimate that besides the DoE, Shell, and the hospital systems, as many as several hundred entities could become targets of the hacking spree, as CNN put it.

By Charles Kennedy for Oilprice.com

Share: