According to data collected by the company GovSpend, a number of government agencies have purchased the MOVEit software, including NASA, the Treasury Department, Health and Human Services and arms of the Defense Department. But it was not clear how many agencies were actively using it.
Clop previously claimed responsibility for the earlier wave of breaches on its website.
The group stated it had “no interest” in exploiting any data stolen from governmental or police offices and had deleted it, focusing only on stolen business information.
Robert J. Carey, the president of the cybersecurity firm Cloudera Government Solutions, noted that data stolen in ransomware attacks can easily be sold to other illegal actors.
“Anyone who’s using this is likely compromised,” he said, referring to the MOVEit software.
The revelation that federal agencies were also among those affected was earlier reported by CNN.
A representative for MOVEit, which is owned by Progress Software, said the company had “engaged with federal law enforcement and other agencies” and would “combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products.” The company originally identified the vulnerability in its software in May, issuing a patch, and C.I.S.A. added it to its online catalog of known vulnerabilities on June 2.