Bloomberg — citing the US Office of Personnel Management (OPM) — reported on Monday that a Russian-speaking criminal group is responsible for a large-scale cyberattack earlier this year that hacked the email addresses of around 632K employees from the Justice and Defense departments.
The hackers targeted vulnerabilities in the widely used file-transfer software called MOVEit to reportedly compromise several areas within the Defense Department, including the Air Force, Army, US Army Corps of Engineers, Office of the Secretary of Defense, and Joint Staff and Defense Agencies.
While CLoP appears to be primarily interested in extorting money from its victims rather than undermining national security, the US must work to bring charges against all cyber criminals. It's no secret that Russia — alongside the likes of Iran and China — has been attempting to undermine US cybersecurity, and with the 2024 election cycle getting ever closer, it's paramount that Washington sends the message that it won't tolerate such behavior.
It's no surprise that Russian hackers would target the US, given that multiple Western countries, particularly Ukraine with the help of Washington, have attacked the Russian government in a similar manner. Furthermore, the West has also likely supported unofficial, criminal cyberattacks against Moscow. NATO is the one pushing this war into the cybersphere, but what it should really worry about is when its own hackers will eventually turn against it.