Skip to main content
close search
site logo
Dive Brief

DOE among federal agencies hit by possible Russian cyberattack

Published June 16, 2023
Robert Walton's headshot
Senior Reporter
A man faces multiple computer screens.
South_agency via Getty Images

Dive Brief:

  • Hackers have accessed data at the U.S. Department of Energy and other federal agencies, the Cybersecurity and Infrastructure Security Agency confirmed Thursday according to multiple news sources.
  • DOE’s Waste Isolation Pilot Plant and agency partner Oak Ridge Associated Universities experienced breaches, according to a report by Federal News Network. 
  • CISA and the Federal Bureau of Investigation warned last week of vulnerabilities in data sharing software known as MOVEit, developed by Progress Software. The notice singled out Russia-linked ransomware group CL0P as potentially exploiting the software weaknesses.

Dive Insight:

The MOVEit hack exploited two previously known vulnerabilities, and highlights the need to keep systems current with software patches and security updates, according to a security expert.

“Many agencies falling victim to attacks today ... appear to be compromised due to the previously released vulnerabilities that had patches released on May 31 and June 9,” Tom Marsland, vice president of technology at Cloud Range, said in a statement. The company provides companies with cybersecurity training.

“This reiterates the need for a robust vulnerability management program and goes to highlight the importance of the basic fundamentals necessary in cybersecurity,” Marsland added.

DOE was also a victim of the SolarWinds hack in 2020. However, agency officials say the MOVEit vulnerabilities are a different situation.

“This is not a campaign like SolarWinds that poses a systemic risk,” CISA Director Jen Easterly told reporters Thursday, noting it was a more “opportunistic” attack. The SolarWinds attack was widely attributed to Russian state-backed hackers.

Oil giant Shell may also have been a victim of CL0P’s exploit.

The Waste Isolation Pilot Plant is a storage repository for nuclear waste. Oak Ridge Associated Universities was originally known as the Oak Ridge Institute for Nuclear Studies and has worked with DOE for decades on a wide range of issues.

CISA is “urgently focused on addressing risks posed by this vulnerability,” Easterly said. However, “it’s important to clarify the scope and nature of this campaign.”

Based on discussions with industry partners, Easterly said it does not appear the intrusions are being “leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high value information.”

Editors' picks

Company Announcements

View all | Post a press release
Utility Broadband Alliance 2024 Summit & Plugfest Shatters Attendance Milestone
From Utility Broadband Alliance
November 21, 2024
General Atlantic’s BeyondNetZero Fund and TA Partner to Drive Continued Growth of Technosylva
From Technosylva
November 21, 2024
Chartwell Electric Vehicle Benchmark Survey in the Field for North American Utilities
From Chartwell Inc.
November 19, 2024
Heat Pump Assisted Water Heater Technology Could Make Big Lift
From Energy Solutions
November 07, 2024
Editors' picks
Latest in Grid Security & Reliability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell