Siemens Energy, a Munich-based energy technology company, has officially confirmed a MOVEit data-theft attack carried out as part of the recent Clop ransomware campaign. The attackers exploited a zero-day vulnerability in the MOVEit Transfer platform to gain unauthorized access to sensitive information.

Siemens Energy: A Global Presence

Siemens Energy is a leading energy technology company with a global presence, employing 91,000 people and generating an annual revenue of $35 billion. The company specializes in designing, developing, and manufacturing a wide range of industrial products, including industrial control systems (ICS), state-of-the-art power and heat generation units, renewable energy systems, on and off-site energy delivery systems, and flexible power transmission solutions. Additionally, Siemens Energy provides cybersecurity consulting services to the oil and gas industry, offering incident response plans, vulnerability assessments, and patch management.

Confirmation of MOVEit Data-Theft Attack by Siemens Energy

Clop, the ransomware group responsible for the attack, has listed Siemens Energy on its data leak website, indicating that data was stolen during the breach. This is a common tactic employed by Clop to pressure targeted organizations before eventually leaking the compromised data. No data has been made public at this time. A spokesperson from Siemens Energy confirmed that the company fell victim to the recent Clop data-theft attack, which exploited a zero-day vulnerability tracked as CVE-2023-34362 in the MOVEit Transfer platform. Siemens Energy maintains that no critical data was stolen and that its business operations remained unaffected.

Siemens Energy’s Response and Investigation against MOVEit Data-Theft Attack

Upon discovering the MOVEit Data-Theft Attack, Siemens Energy took immediate action to address the global data security incident. The company is actively cooperating with investigative authorities and remains committed to safeguarding critical information and ensuring the continuity of its operations.

Schneider Electric Investigates Similar Breach

Another Target: Schneider Electric

In addition to Siemens Energy, Clop also targeted Schneider Electric, a multinational company specializing in digital automation and energy management. Schneider Electric boasts an annual revenue exceeding $37 billion and its products are widely used in various vital industries worldwide.

Schneider Electric’s Awareness and Investigation

Schneider Electric became aware of vulnerabilities affecting the Progress MOVEit Transfer software on May 30th, 2023. In response, the company promptly implemented available mitigations to secure its data and infrastructure, closely monitoring the situation thereafter. On June 26th, 2023, Schneider Electric received a claim suggesting that it had fallen victim to a cyber attack related to the MOVEit vulnerabilities. The company’s cybersecurity team is currently investigating the claim to determine the extent of the breach.

Ongoing Fallout from MOVEit Attacks

The Impact of Clop’s Attacks

The consequences of the MOVEit attacks orchestrated by Clop are still unfolding, with new victims being disclosed on the gang’s website and sensitive data being published daily. These attacks have had far-reaching implications, impacting companies, federal government agencies, and local state agencies. As a result, numerous data breaches have occurred, exposing the sensitive data of millions of individuals.

Victims and Breaches – MOVEit Data-Theft Attack

Recent disclosures include the New York City Department of Education (NYC DOE), which admitted that Clop had stolen documents containing sensitive personal information belonging to approximately 45,000 students. Moreover, on June 16th, citizens of Oregon and Louisiana learned that their driver’s licenses were in danger due to attacks carried out by the ransomware gang.

Other victims that have already reported data breaches related to the MOVEit Transfer attacks include the U.S. states of Missouri and Illinois, Zellis (along with its customers BBC, Boots, Aer Lingus, and Ireland’s HSE), Ofcom, the government of Nova Scotia, the American Board of Internal Medicine, and Extreme Networks.

Continued Investigations and Remediation

As investigations into these incidents continue, the organizations are working diligently to rectify the damage, strengthen their security measures, and protect their stakeholders from further harm.