Exclusive: US government agencies hit in global cyberattack

Several US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software, according to a top US cybersecurity agency.

The US Cybersecurity and Infrastructure Security Agency "is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications," Eric Goldstein, the agency's executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. "We are working urgently to understand impacts and ensure timely remediation."

It was not immediately clear if the hackers responsible for breaching the federal agencies were a Russian-speaking ransomware group that has claimed credit for numerous other victims in the hacking campaign.

The Department of Energy was among the multiple federal agencies breached in the ongoing global hacking campaign, a department spokesperson confirmed to CNN, adding that the department "took immediate steps" to mitigate the impact of the hack after learning that records from two department "entities" had been compromised.

"The Department has notified Congress and is working with law enforcement, CISA [the US Cybersecurity and Infrastructure Security Agency], and the affected entities to investigate the incident and mitigate impacts from the breach," the spokesperson said in a statement.

A source familiar with the investigation told CNN that one of the Department of Energy victims is a contractor for Oak Ridge National Laboratory, which was first reported by Federal News Network.

A CISA spokesperson had no comment when asked by CNN who carried out the hack of federal agencies and how many have been affected.