![clop ransomware moveit attacks leaks pentagon emails photo of pentagon from above](https://www.techfinitive.com/wp-content/uploads/2023/10/clop-ransomware-moveit-attacks-leaks-pentagon-emails.jpg)
Clop ransomware MOVEit attacks exposed email addresses of 632,000 Pentagon & DoJ employees
An internal Pentagon report has revealed that the email addresses of 632,000 Department of Justice and Pentagon staff have been compromised. This follows May’s attacks by the Russian-speaking Clop ransomware group, which exploited a vulnerability in the MOVEit file-transfer app.
Several key US government agencies were among the victims. Reports suggest these include the Air Force and Army as well as the Office of the Secretary of Defense.
The Office of Personnel Management (OPM) report, obtained by Bloomberg using the Freedom of Information Act, described this as a major incident. However, it concluded that the country was not placed at significant risk and that the hacked material “was generally of low sensitivity”.
Meanwhile, Forbes reported that the Clop ransomware group compromised the OPM supply chain by targeting a third-party data firm used by the government agency for employee surveys.
Lessons from MOVEit
Roger Neal, Head of Product at Apona Security, describes the MOVEit attacks as “yet another example of how things can go south if we’re not on top of what third-party software we’re using and consistently staying up to date with vulnerability management”.
In a June 2023 advisory, the National Cyber Security Centre (NCSC) stated that organisations directly affected should apply the latest vulnerability patch from MOVEit vendor Progress and check for the latest mitigation advice. This includes patches for additional vulnerabilities.
Once again, this brings to the fore the importance of robust patch management processes that prioritise vulnerabilities by risk to the organisation and ensure patches are deployed as soon as possible after disclosure.
“Vulnerability management is not a one-off task but needs to be ongoing, especially for issues of critical nature,” Neal warns. “Hackers are relentless and continuously evolve their tactics. They probe systems for any weak link, and an outdated third-party component can be just the loophole they need to infiltrate secure networks.”
Danger from third parties
Neal points out that the MOVEit breach of OPM emails is yet another example of why tracking third-party, supply-chain components is so important to every organisation, from the smallest enterprise right up to nation-state agencies.
“It doesn’t matter if we scan for vulnerabilities if we don’t document the existence of the vulnerable component,” Neal says. “An accurate inventory of third-party components serves as a foundational element in building a resilient security posture.”
This component inventory essentially becomes a roadmap to guide the process of vulnerability management. It also ensures there are no threat vector blind spots.
“It’s about safeguarding an organisation’s data, maintaining operational integrity, and ultimately, ensuring the trust and confidence of stakeholders and the public at large,” Neal concludes. And it’s hard to argue with any of that.
Attacked without your knowledge
There is another danger: that Clop has already attacked your business but you don’t know it.
“Unlike the more traditional ransomware gangs that are operating, this group does not bother with the encryption of the data and subsequent disruption of services,” said Erich Kron, security awareness advocate at KnowBe4.
“This means that in many cases the victims may not realise they are suffering a breach because there are no extremely evident signs such as failures of service or systems going offline.”
Kron also thinks it is dangerous to believe everything that the Clop ransomware group says.
“While the group promised to delete information related to governments, cities or police departments, it seems highly unlikely that this group is to be trusted,” he said.
“While they may not leak this information publicly, it could be of great interest to other nation states looking to gather intelligence on American citizens or government agencies, potentially offering them a source of income if willing to sell the information to these entities.”
UPDATE: 2 November. Headline changed to add “& DoJ” employees.