U.S. Department of Energy receives extortion messages caused by MOVEit attack

The U.S. Department of Energy (DOE) has received ransom demands from the hacking group Cl0p after a cyberattack that targeted nuclear waste and scientific education facilities. The DOE facilities affected were the Oak Ridge Associated Universities and the Waste Isolation Pilot Plant in New Mexico, which handles the disposal of defense-related radioactive waste.

The hackers exploited a vulnerability in the MOVEit Transfer software, a file transfer tool, to steal sensitive data. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that multiple federal agencies were breached.

The DOE received individual ransom requests via email, though the exact amount demanded was not disclosed. The department has not engaged with Cl0p and is collaborating with law enforcement and CISA to investigate.

Cl0p claims that it doesn't possess any government data and promises to delete it if inadvertently acquired.