Moveit hack: US agencies, banks and universities among latest victims

16 Jun 2023

The US department of energy, Johns Hopkins University and UK energy giant Shell have all been affected by the Moveit hack orchestrated by Clop.

It has emerged that several US state agencies, banks and universities are the latest known victims of the Moveit hack, which also affected many across Ireland and the UK last week.

Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), told reporters yesterday (15 June) that the breach has not had any “significant impacts” on federal civilian agencies and that the hackers have been “largely opportunistic” in their attack.

“Although we are very concerned about this campaign, this is not a campaign like SolarWinds that poses a systemic risk,” Easterly said, referring to the 2021 hack that saw several US agencies breached.

First revealed last week, the hack has impacted big brands across the UK and Ireland including Boots, British Airways and the BBC. It emerged after hackers exploited a vulnerability in the widely used file transfer service Moveit.

Microsoft attributed the hack exploiting the Moveit zero-day vulnerability to Lace Tempest, a reportedly Russian-speaking cybercrime group known for similar ransomware operations and running the Clop extortion site.

The so-called Clop team took responsibility for the breach in an email to Reuters, claiming “it was our attack” and that victims who refused to pay the ransom would be named on the website.

Among the latest known victims of the Moveit hack are the US department of energy, several US banks, universities including Johns Hopkins and the University System of Georgia, as well as UK-based energy giant Shell. CISA said the total number of US victims could be in the “hundreds”.

A Moveit spokesperson told SiliconRepublic.com last week that the company took swift action upon discovering the vulnerability by launching an investigation and alerting customers about the issue.

“We disabled web access to Moveit Cloud to protect our cloud customers, developed a security patch to address the vulnerability, made it available to our Moveit Transfer customers and patched and re-enabled Moveit Cloud, all within 48 hours,” the spokesperson said.

“We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures. We have engaged with federal law enforcement and other agencies with respect to the vulnerability.”

Vish Gain is a journalist with Silicon Republic
