A critical flaw in software from Citrix Systems Inc., a company that pioneered remote access so people can work anywhere, has been exploited by government-backed hackers and criminal groups, according to a US cyber official.
31.10.2023 - 04:15 / tech.hindustantimes.com
A Russian-speaking hacking group obtained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice as part of the sprawling MOVEit hack last summer, according to a report on the wide-ranging attack obtained through a Freedom of Information Act request.
The report, by the US Office of Personnel Management, provides new details about a cyberattack in which hackers exploited flaws in MOVEit, a popular file-transfer tool. Federal cybersecurity officers previously confirmed that government agencies were compromised by the attack but have provided little information on the scope of the attack, nor did they name the agencies affected.
The Office of Personnel Management, in a July report on the incident submitted to a congressional committee, said an unauthorized actor obtained access to government email addresses, links to government employee surveys administered by OPM and internal OPM tracking codes. The impacted employees were at the Department of Justice and various parts of the Defense Department: the Air Force, Army, US Army Corps of Engineers, the Office of the Secretary of Defense, the Joint Staff and Defense Agencies and Field Activities.
The Office of Personnel Management characterized the hack, which occurred on May 28 and May 29 as a “major incident,” but also said it didn't have reason to believe it posed a significant risk and that the compromised data was “generally of low sensitivity” and not classified.
The Department of Justice and the Department of Defense didn't immediately respond to requests for comment.
Other US agencies have previously confirmed that they were affected by the MOVEit breach, including the US Department of Health and Human Services, the Department of Agriculture, and the General Services Administration. The Energy Department received ransom requests from the hackers after two of its entities fell victim to the intrusions.
A hacking gang called Clop, or Cl0p, was blamed for the attack. So far, more than 2,500 organizations have been impacted, Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, posted on X, the platform formerly known as Twitter. Among the victims were government services provider Maximus Inc. and the Louisiana Office of Motor Vehicles, according to the firm.
The eight-page report, submitted to the House Science, Space and Technology Committee, said hackers were able to obtain access to the data by exploiting vulnerability in the MOVEit file transfer program used by Westat Inc., a vendor OPM uses to administer what is known as Federal Employee Viewpoint Surveys. The report said there was “no indication” that any unauthorized user accessed any of the survey links.
A spokesperson for Progress
A critical flaw in software from Citrix Systems Inc., a company that pioneered remote access so people can work anywhere, has been exploited by government-backed hackers and criminal groups, according to a US cyber official.
NVIDIA GeForce RTX 4090 GPUs are now more expensive than ever with prices touching close to $2000 US despite being on sale.
Developer Bohemia Interactive has announced that military sim Arma Reforger has left early access as of yesterday (November 16). The title is now available fully released for players on PC as well as those on Xbox Series X|S.
Sony Interactive Entertainment has launched its Black Friday sale.
AMD has posted even more record-breaking performance numbers of its Ryzen Threadripper PRO 7995WX 96-Core CPU which has been overclocked to an impressive 5.2 GHz on liquid cooling.
Every time Pokemon unveils some sort of weird crossover, you think that's it. After more than 25 years, the collaboration well has run dry. There's Pokemon milk for kids in Taiwan, Van Gogh-themed Pokemon merch in Amsterdam, and even collectible Pokemon Oreos. The crossovers keep on coming though, and the next one on Pokemon's agenda is a pricey one. A team-up with Tiffany & Co. which will include a Pikachu pendant priced at more than $31,000.
An increased number of Kirin 9000S orders did not aid the finances of SMIC as China’s largest semiconductor manufacturer posted a massive 80 percent dip in profits for the third quarter of this year. This drop is the company’s biggest in quarterly income since 2019, which was 64 percent. Overall, total revenue surpassed $1.621 billion, with a $93.98 million profit. Looking at these statistics, SMIC has a ton of catching up to do before it can match the earnings capabilities of Samsung, though the U.S. export controls continue to make things difficult for the chip maker.
NetEase's popular Chinese MMORPG, Justice, could soon make its Western debut. This speculation is fueled by a trademark application for Sword of Justice by NetEase Interactive Entertainment, filed on September 1, 2023, indicating a possible rebranding for the Western market.
Black Friday 2023 is right around the corner and deals on AMD, & Intel CPUs are already live, offering some amazing discounts to PC gamers.
Black Friday 2023 is right around the corner and deals on NVIDIA, AMD, & Intel GPUs are already live, offering some amazing discounts to PC gamers.
The Day Before, the post-apocalyptic survival MMO, has seen yet another delay, this time with Fntastic delaying the game till December 7th.
The saga of The Day Before just got a new chapter as developer Fntastic published the game's final trailer and revealed that the game would be released on December 7 in early access instead of the prior November 10th date.