Carding 4 Carders
Professional
What secrets the attackers managed to get is still unknown.
As a result of a large-scale cyber attack, the Clop group gained access to the email addresses of about 632,000 employees of the US Departments of Defense and Justice.
A report prepared by the US Office of Personnel Management (OPM) reveals new details of a cyberattack in which hackers exploited vulnerabilities in MOVEit — a popular file transfer tool. Earlier, federal cybersecurity services confirmed the fact of compromising state structures, but did not say much about the scale of the attack, and the affected departments were also not specified.
The U.S. Human Resources Administration reported that the threat subject obtained unauthorized access to government email addresses, links to employee surveys conducted by OPM, and internal OPM tracking codes. Employees of the Department of Justice and various departments of the Department of Defense were affected: the Air Force, the Army, the U.S. Army Corps of Engineers, the Office of the Secretary of Defense, the Joint Chiefs of Staff and defense agencies, and field services.
According to OPM, there is no reason to believe that the attack poses a significant risk, and that the compromised data was "low-level of importance" and was not classified. Other U.S. agencies and large corporations have previously been targeted by the group, including the U.S. Department of Energy, Shell, Deutsche Bank, and PwC .
According to the report, hackers gained access to the data by exploiting a vulnerability in the MOVEit file transfer program used by Westat Inc. (an OPM contractor) to administer data from "public employee opinion polls." The report states that there is no indication that any links from the survey were affected.
A spokesperson for Progress Software Corp., MOVEit's parent company, said steps have been taken to minimize the impact of the cyberattack. The company also expressed its condolences to the affected users and reaffirmed its commitment to cooperate in the industry's efforts to combat cybercrime.
A Westat representative said that the company conducted an extensive investigation and worked with third-party specialists to assess the security of systems and to reduce the likelihood of similar incidents in the future.
As a result of a large-scale cyber attack, the Clop group gained access to the email addresses of about 632,000 employees of the US Departments of Defense and Justice.
A report prepared by the US Office of Personnel Management (OPM) reveals new details of a cyberattack in which hackers exploited vulnerabilities in MOVEit — a popular file transfer tool. Earlier, federal cybersecurity services confirmed the fact of compromising state structures, but did not say much about the scale of the attack, and the affected departments were also not specified.
The U.S. Human Resources Administration reported that the threat subject obtained unauthorized access to government email addresses, links to employee surveys conducted by OPM, and internal OPM tracking codes. Employees of the Department of Justice and various departments of the Department of Defense were affected: the Air Force, the Army, the U.S. Army Corps of Engineers, the Office of the Secretary of Defense, the Joint Chiefs of Staff and defense agencies, and field services.
According to OPM, there is no reason to believe that the attack poses a significant risk, and that the compromised data was "low-level of importance" and was not classified. Other U.S. agencies and large corporations have previously been targeted by the group, including the U.S. Department of Energy, Shell, Deutsche Bank, and PwC .
According to the report, hackers gained access to the data by exploiting a vulnerability in the MOVEit file transfer program used by Westat Inc. (an OPM contractor) to administer data from "public employee opinion polls." The report states that there is no indication that any links from the survey were affected.
A spokesperson for Progress Software Corp., MOVEit's parent company, said steps have been taken to minimize the impact of the cyberattack. The company also expressed its condolences to the affected users and reaffirmed its commitment to cooperate in the industry's efforts to combat cybercrime.
A Westat representative said that the company conducted an extensive investigation and worked with third-party specialists to assess the security of systems and to reduce the likelihood of similar incidents in the future.
