Hackers have accessed approximately 632,000 emails from the Department of Defense and other federal agencies this year, the US Office of Personnel Management (OPM) confirmed.
The report detailed a large-scale cyberattack in May 2023 in which emails from US government offices, private sectors, airlines, and academic entities were accessed by a suspected Russian group called “CL0P.”
Alongside electronic personal data, the actors breached internal tracking codes and government employee survey links issued by agencies.
Through File Transfer Software
The cybercriminals leveraged a file-transferring tool called MOVEIt to obtain the information, a report from Bloomberg stated.
The software is used by Maryland-based Westat, a management services firm partnered with OPM to distribute employee surveys.
Defense employees affected by the disruption include officials from the US Army, the Army Corps of Engineers, the US Air Force, the Joint Chiefs of Staff, and the Office of the Secretary of Defense.
Bloomberg said that although the agencies have confirmed the May breach, it is still unclear how extensive the attack was, with OPM saying the compromised data is “generally of low sensitivity” and not tagged as classified.
Meanwhile, the entirety of the OPM report, which the media outlet acquired through a Freedom of Information Act request, characterized the attack as a “major incident.”
CL0P Attacks in May
After its campaign earlier this year, CL0P took credit and named several companies it had attacked.
The US Cybersecurity & Infrastructure Security Agency (CISA) immediately published an advisory warning of the group and their recent exploits in June.
The same month, the Oregon Department of Transportation said that around 3.5 million local residents had their personal information leaked online due to CL0P attacks.
Information included physical addresses, dates of birth, social security numbers, and other information that can be found in an identity card such as a driver’s license.