A Russian-speaking criminal group known as CL0P breached the email addresses of 632,000 employees from the U.S. Justice and Defense departments in May, Bloomberg reported on Oct. 30 following a Freedom of Information Act request.
The report issued by the Office of Personnel Management says hackers used flaws in the file-transfer system MOVEit to gain access to wide-ranging sensitive information.
OPM has classified the May hack as a “major incident.”
Pentagon employees most impacted include officials from the Air Force, the Army, the Army Corps of Engineers, the Office of the Secretary of Defense and the Joint Staff.
U.S. airlines, universities, and other federal agencies have also been affected by Russia-linked cyberattacks.
The scale and depth of Russia-linked cyberattacks on U.S. government agencies is still unknown.
“We’ve been working closely … with the FBI and with our federal partners to understand prevalence within federal agencies,” a U.S. cybersecurity official told Politico earlier this year.