Russian cybercriminals launched a global cyberattack that hit several federal government agencies, reports CNN. The attack exploited a vulnerability in widely used software. The federal Cybersecurity and Infrastructure Security Agency (CISA) “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” said Eric Goldstein, a top cybersecurity agency official. A senior CISA official said “several hundred” companies and organizations in the U.S. could be affected by the attack. The ransomware gang allegedly responsible, Clop, is known to demand multimillion-dollar ransoms, but no ransoms of federal agencies have been made so far.

CISA’s response comes as Progress Software, the firm that makes the software exploited by the hackers, said it had discovered a second vulnerability in the code that the company was working to fix. The Department of Energy is among multiple federal agencies breached in the ongoing global hacking campaign. The hacks have not had any “significant impacts” on federal civilian agencies, CISA Director Jen Easterly said. The news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major universities and state governments. The Russian hackers were the first to exploit the MOVEit vulnerability, but experts say other groups may now have access to software code needed to conduct attacks.