The U.S. Department of Energy, along with multiple federal agencies, fell victim to a worldwide hacking campaign that exploited a vulnerability in widely used file-transfer software, according to officials’ statements on Thursday. The Department of Energy confirmed that data was “compromised” at two entities within their organization, namely the DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, a facility in New Mexico responsible for defense-related nuclear waste disposal.In separate statements, British energy giant Shell, the University System of Georgia, Johns Hopkins University, and the Johns Hopkins Health System also revealed that they were targeted in the hacking campaign. The latter is a nonprofit organization working in collaboration with the university, operating six hospitals and primary care centers. These recent victims join a growing list of entities across the United States, Britain, and other countries that have experienced breaches through the exploited MOVEit Transfer software, which Progress Software, the software’s maker, discovered a security flaw in late last month.The hacker group Cl0p, with links to Russia, claimed responsibility for the MOVEit hack but stated that it would not exploit any data obtained from government agencies and had deleted such data. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed its assistance to breached federal agencies but did not disclose their names. CISA stated that there were no significant impacts on the federal civilian executive branch enterprise, but investigations are ongoing in collaboration with law enforcement.The Department of Energy has reported the breach to Congress and is actively participating in investigations with law enforcement and CISA. Shell stated that its core IT systems did not show any evidence of impact, but they are urgently investigating potential data exposure related to the MOVEit Transfer breach. Johns Hopkins University and the University System of Georgia are also investigating the cyber attacks on their networks.Various large organizations, including the UK’s telecom regulator, British Airways, the BBC, and drugstore chain Boots, have previously been identified as victims of this hacking campaign. MOVEit Transfer is a popular tool used by organizations to securely share sensitive information with partners or customers. The software’s vulnerabilities pose significant risks, allowing potential adversaries to gain unauthorized access to critical data. READ MORE