Get 40% Off
⚠ Earnings Alert! Which stocks are poised to surge?
See the stocks on our ProPicks radar. These strategies gained 19.7% year-to-date.
Unlock full list

US health department, law firms latest hit in wide-ranging hack

Published 06/28/2023, 07:14 PM
Updated 06/29/2023, 01:22 PM
© Reuters. FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017.  REUTERS/Kacper Pempel/Illustration/File Photo

By Raphael Satter

WASHINGTON (Reuters) -The U.S. Department of Health and Human Services (HHS) was among those affected by a wide-ranging hack centered on a piece of software called MOVEit Transfer, a source at HHS said on Wednesday.

"While no HHS systems or networks were compromised, attackers gained access to data by exploiting the vulnerability in the MOVEit Transfer software of third-party vendors," a health department official familiar with the matter said.

Hackers behind the massive breach also claimed credit for stealing data from two major law firms, Kirkland & Ellis LLP and K&L Gates LLP.

The ransomware gang known as cl0p posted the names of Kirkland & Ellis LLP and K&L Gates LLP to its leak site, typically a sign that negotiations between the victims and the hackers had broken down.

The hackers' claims could not immediately be verified. Kirkland and K&L did not immediately return messages left after hours. A spokesperson for HHS could not immediately be reached.

HHS' name did not appear among cl0p's list of purported victims. The group has previously insisted it doesn't deliberately steal data from government organizations, but that doesn't mean that data hasn't been compromised.

Bloomberg earlier reported that HHS was affected by the hack, citing a person familiar with the incident at the department as saying that tens of thousands of records could have been exposed.

Cl0p didn't immediately return an email seeking comment.

Believed by researchers to be a Russian-speaking group of hackers, cl0p was recently able to gain access to a wide swathe of organizations' data by compromising MOVEit Transfer, a file commercial management tool made by Progress Software (NASDAQ:PRGS).

© Reuters. A worker arrives at the Department of Health and Human Services in Washington, October 1, 2013. REUTERS/James Lawler Duggan/File Photo

Speaking to Reuters ahead of the latest claims, Jon Clay, the vice president for threat intelligence at cybersecurity firm TrendMicro, described cl0p as a resourceful group with little incentive to stop its shakedown spree.

"They aren't going away," he said. "Unless the heat gets on them very bad."

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.