Several US federal government agencies have been hit in a global hacking campaign that exploited a vulnerability in widely used software, CNN reported on Thursday.
The US Cybersecurity and Infrastructure Security Agency (CISA) is providing support to several federal agencies that have experienced intrusions affecting vulnerable software exploited by the hackers, Eric Goldstein, the agency's executive assistant director for cybersecurity, told CNN.
Neither the name of the affected software nor the details of the alleged vulnerability were identified. CISA did not immediately respond to Reuters requests for comment. The FBI and US National Security Agency also did not immediately return emails seeking comment.
Vulnerabilities in popular software products have repeatedly led to follow-on breaches at a wide variety of organizations across the world. Most recently, a weakness in the transfer software MOVEit led to the compromise of data from organizations including the BBC, Boots and British Airways.
It was not clear whether those hacks had anything to do with the recently announced US government breach.
Online extortion group could be responsible
The online extortion group Cl0p - which has claimed credit for the MOVEit hack - has previously said it would not exploit any data taken from government agencies.
"IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA," the group said in a statement on its website.
Cl0p did not immediately return a message seeking comment. MOVEit's maker - Progress Software Corp - did not immediately respond to a message.