|
"While no HHS systems or networks were compromised, attackers
gained access to data by exploiting the vulnerability in the
MOVEit Transfer software of third-party vendors," a health
department official familiar with the matter said.
Hackers behind the massive breach also claimed credit for
stealing data from two major law firms, Kirkland & Ellis LLP and
K&L Gates LLP.
The ransomware gang known as cl0p posted the names of Kirkland &
Ellis LLP and K&L Gates LLP to its leak site, typically a sign
that negotiations between the victims and the hackers had broken
down.
The hackers' claims could not immediately be verified. Kirkland
and K&L did not immediately return messages left after hours. A
spokesperson for HHS could not immediately be reached.
HHS' name did not appear among cl0p's list of purported victims.
The group has previously insisted it doesn't deliberately steal
data from government organizations, but that doesn't mean that
data hasn't been compromised.
Bloomberg earlier reported that HHS was affected by the hack,
citing a person familiar with the incident at the department as
saying that tens of thousands of records could have been
exposed.
Cl0p didn't immediately return an email seeking comment.
Believed by researchers to be a Russian-speaking group of
hackers, cl0p was recently able to gain access to a wide swathe
of organizations' data by compromising MOVEit Transfer, a file
commercial management tool made by Progress Software.
Speaking to Reuters ahead of the latest claims, Jon Clay, the
vice president for threat intelligence at cybersecurity firm
TrendMicro, described cl0p as a resourceful group with little
incentive to stop its shakedown spree.
"They aren't going away," he said. "Unless the heat gets on them
very bad."
(Reporting by Raphael Satter; Editing by Lincoln Feast)
[© 2023 Thomson Reuters. All rights
reserved.] Copyright 2022 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
