CISA officials said in a briefing that the attackers took data that was available only at the time of intrusion, and that there were no signs that the breach enabled them to gain a foothold in federal networks. “This was largely an opportunistic attack,” Easterly said in the briefing. There have been no ransom demands and no leaks of federal data.
Last week, CISA issued an advisory about the threat to the managed file transfer software, which allows agencies to transfer data securely between systems and people. There have been reports of several hundred attacks on this software in the private sector, CISA noted.
The hackers used CL0P ransomware to enter the networks, Easterly said. “They’re taking data and looking to extort it. We’re tracking it as a criminal group.”
While Easterly and CISA declined to name the agencies involved, Federal News Network identified one as the Department of Energy, where two organizations within the agency were apparently attacked.
A senior CISA official said that no military or intelligence agencies were affected.
Federal agencies are under a White House mandate to create a zero-trust cybersecurity environment by September 2024, and Easterly said that those ongoing efforts gave agencies the visibility needed to notice and defend against the attack.