In the latest cyber incident affecting the US federal government, two arms of the US Department of Energy (DOE) and, according to press reports, the US Department of Agriculture and the Office of Personnel Management, have been swept up in a sprawling spree of attacks by the Russia-based Clop ransomware gang.
The Clop organization is exploiting vulnerabilities in Progress Software’s MOVEit Transfer security file transfer platform to attack dozens of public and private sector organizations worldwide. Progress disclosed the first flaw, a SQL injection vulnerability, on May 31. On June 9, Progress reported a second flaw, another SQL injection vulnerability, that “could lead to escalated privileges and potential unauthorized access to the environment.” The company has issued patches for both flaws.
