Report: Russian-Speaking Hacking Group Breached 632,000 US Government Email Addresses

A Russian-speaking hacking group reportedly accessed the email addresses of about 632,000 U.S. federal employees at the Department of Defense and the Department of Justice.

The cyberattack, known as the MOVEit hack, happened May 28 and 29 and exploited vulnerabilities in the popular file-transfer tool MOVEit, Bloomberg reported Monday (Oct. 30), citing a report compiled by the Office of Personnel Management (OPM) and obtained by the media outlet through a Freedom of Information Act (FOIA) request.

While government agencies had confirmed the breach, they had provided little information regarding the extent of the attack, according to the Bloomberg report.

The OPM report sheds light on the details of the MOVEit hack, the media outlet said. It states that the unauthorized actors gained access to government email addresses, links to government employee surveys administered by the OPM and internal tracking codes.

The affected employees were from various parts of the Defense Department, including the Air Force, Army, U.S. Army Corps of Engineers, the Office of the Secretary of Defense, the Joint Staff, Defense Agencies and Field Activities, per the report.

While the OPM classified the hack as a “major incident,” it stated that there was no reason to believe it posed a significant risk, according to the Bloomberg report. The compromised data was deemed to be “generally of low sensitivity” and not classified.

The Department of Health and Human Services, the Department of Agriculture, the General Services Administration and the Department of Energy confirmed earlier that they were affected by the hack, the report said.

The hacking group responsible for the MOVEit attack is known as Clop or Cl0p, per the report. This group has been linked to a series of cyberattacks, with over 2,500 organizations falling victim to its activities.

During the May breach, the hackers stole data from several users of MOVEit. Software maker Progress Software made fixes upon discovering the vulnerability on May 28.

It was reported soon after that pharmacy chain Boots, Nova Scotia’s government and at least two airlines were among the companies affected.

“When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps,” MOVEit spokesperson John Eddy said at the time.