The Clop group, a notorious cybercriminal organization, has gained unauthorized access to the email addresses of approximately 632,000 employees of the US defense and justice departments, according to the USA Office of Personnel Management (OPM).
Earlier reports from federal cybersecurity services confirmed that government agencies had been compromised, but provided limited information about the scale of the attack and the specific departments affected. The OPM has now shed light on the incident, revealing that the hackers exploited vulnerabilities in Moveit, a popular file transmission tool.
The breach resulted in the threat entity obtaining unauthorized access to email addresses of government employees, links to employee polls conducted by the OPM, and internal tracking codes. Among the affected individuals were employees from the Ministry of Justice, as well as various departments within the Ministry of Defense, including the Air Force, Army, and Defense Agencies.
OPM has reassured the public that there is no reason to believe the attack poses a significant risk, as the compromised data were of “low level of importance” and not classified. However, it is important to note that this is not the first time the Clop group has targeted US agencies and large corporations. Previous victims include the US Energy Department, Shell, Deutsche Bank, and PwC.
The breach was made possible through a vulnerability in the Moveit program, which is used by Westat Inc., a contractor of the OPM, for data administration related to employee reviews. The report clarifies that there is no evidence to suggest that any links from the surveys were affected.
In response to the incident, Progress Software Corp., the parent company of Moveit, has taken steps to minimize the impact of the cyber attack. The company has expressed condolences to the affected users and affirmed its commitment to collaborating with industry efforts in combating cybercrime.
Westat, the OPM contractor, has conducted an extensive investigation and worked with third-party specialists to assess the security of its systems and reduce the likelihood of future incidents.