Skip to main content
close search
site logo
Dive Brief

DOE among federal agencies hit by possible Russian cyberattack

Published June 16, 2023
Robert Walton's headshot
Senior Reporter
A man faces multiple computer screens.
South_agency via Getty Images

Dive Brief:

  • Hackers have accessed data at the U.S. Department of Energy and other federal agencies, the Cybersecurity and Infrastructure Security Agency confirmed Thursday according to multiple news sources.
  • DOE’s Waste Isolation Pilot Plant and agency partner Oak Ridge Associated Universities experienced breaches, according to a report by Federal News Network. 
  • CISA and the Federal Bureau of Investigation warned last week of vulnerabilities in data sharing software known as MOVEit, developed by Progress Software. The notice singled out Russia-linked ransomware group CL0P as potentially exploiting the software weaknesses.

Dive Insight:

The MOVEit hack exploited two previously known vulnerabilities, and highlights the need to keep systems current with software patches and security updates, according to a security expert.

“Many agencies falling victim to attacks today ... appear to be compromised due to the previously released vulnerabilities that had patches released on May 31 and June 9,” Tom Marsland, vice president of technology at Cloud Range, said in a statement. The company provides companies with cybersecurity training.

“This reiterates the need for a robust vulnerability management program and goes to highlight the importance of the basic fundamentals necessary in cybersecurity,” Marsland added.

DOE was also a victim of the SolarWinds hack in 2020. However, agency officials say the MOVEit vulnerabilities are a different situation.

“This is not a campaign like SolarWinds that poses a systemic risk,” CISA Director Jen Easterly told reporters Thursday, noting it was a more “opportunistic” attack. The SolarWinds attack was widely attributed to Russian state-backed hackers.

Oil giant Shell may also have been a victim of CL0P’s exploit.

The Waste Isolation Pilot Plant is a storage repository for nuclear waste. Oak Ridge Associated Universities was originally known as the Oak Ridge Institute for Nuclear Studies and has worked with DOE for decades on a wide range of issues.

CISA is “urgently focused on addressing risks posed by this vulnerability,” Easterly said. However, “it’s important to clarify the scope and nature of this campaign.”

Based on discussions with industry partners, Easterly said it does not appear the intrusions are being “leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high value information.”

Editors' picks

Company Announcements

View all | Post a press release
The 8th Annual US-Mexico Natural Gas Forum takes place November 11-13, in San Antonio, TX
From LDC Gas Forums
October 31, 2024
8th Annual TMG Utility Forum Tackles Artificial Intelligence (AI)
From TMG, an RIA company
October 30, 2024
eSmart Systems raises EUR 30 million in investment to accelerate growth
From eSmart Systems
October 28, 2024
NV5 Earns Esri’s Network Management Specialty Designation
From NV5 Geospatial
October 15, 2024
Editors' picks
Latest in Grid Security & Reliability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell