Reports: Progress MOVEit Hacks Hit Federal Government, State Agencies, Companies

‘We are continuing to work with industry-leading cybersecurity experts to investigate the issue,’ a MOVEit representative tells CRN.


Multiple media outlets have reported that government agencies, banks and universities are victims of a Russia-linked ransomware gang exploiting a security vulnerability in Progress’ MOVEit file-transfer software.

TechCrunch reported Thursday that the Clop ransomware group has listed multiple financial organizations as victims of the hack on a leak site. The group behind the hack has also been identified under the names Cl0p, TA505 and Lace Tempest.

CNN, meanwhile, reported Thursday that several U.S. federal government agencies have “experienced intrusions affecting their MOVEit applications,” based on a statement from the Cybersecurity and Infrastructure Security Agency (CISA).

Sponsored post

[RELATED: Progress Discloses More MOVEit Vulnerabilities, Releases New Patch]

Progress MOVEit Security

“We are working urgently to understand impacts and ensure timely remediation,” CISA told CNN. The agency didn’t tell CNN who carried out the hack and how many agencies were hit.

CRN has reached out to CISA for comment.

A MOVEit representative sent CRN a statement Thursday that said the company remains “focused on supporting our customers by helping them take the steps needed to further secure their environments, including applying the patches we have released.”

“We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures,” according to MOVEit. “We have engaged with federal law enforcement and other agencies and are committed to playing a leading and collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products.”

Progress has more than 3,500 partners including resellers, distributors, system integrators and managed services providers, according to the company.

A Progress blog post Thursday provides guidance on detecting and responding to data exfiltration. A Tuesday blog post said that Progress has partnered “with third-party cybersecurity experts to conduct additional detailed code reviews.”

Clop Deadline Passes

Clop had set a deadline of Wednesday for paying a ransom related to the hack, according to Cybersecurity Dive.

The Clop ransomware group has taken credit for exploiting a zero-day flaw that Progress patched on May 31, which affects MOVEit Transfer and MOVEit Cloud, tracked at CVE-2023-34362. Earlier this month, CISA and the FBI put out an advisory on the MOVEit vulnerability exploitation by Clop.

Earlier this month, Progress urged MOVEit Transfer users to deploy a new patch after more vulnerabilities were uncovered in the managed file transfer tool.

TechCrunch lists the following financial services organizations as victims named by Clop on its leak site:

*1st Source

*First National Bankers BankPutnam Investments

*Landal Greenparks


Clop also named the following companies as victims:

*Energy company Shell

*The National Student Clearinghouse nonprofit

*The health insurance provider United Healthcare Student Resources

*American manufacturer Leggett & Platt

*The University System of Georgia

Georgia’s university system told CNN and TechCrunch that it is looking into the hack’s “scope and severity.”

The Minnesota Department of Education and the government of Nova Scotia confirmed data breaches in separate statements.

German mechanical engineering company Heidelberg told TechCrunch that, despite being listed as a victim, it didn’t detect any data breach.

The BBC reported that itself, British Airways and payroll services provider Zellis are among the victims.

Other major breaches so far this year include T-Mobile, ScanSource, 3CX and Barracuda.