Siemens Energy, a Munich-based energy technology company, has confirmed that data was stolen in a recent cyberattack. The attack utilized the Clop ransomware and exploited a zero-day vulnerability in the MOVEit Transfer platform.
Siemens Energy is a global company with a significant presence in the energy sector. It employs around 91,000 people and generates an annual revenue of $35 billion. The company is involved in the design, development, and manufacturing of various industrial products, including industrial control systems (ICS), advanced power generation units, renewable energy systems, on- and off-site energy delivery systems, and flexible power transmission solutions.
In addition to its product offerings, Siemens Energy also provides cybersecurity consulting services for the oil and gas industry. These services include assisting with incident response plans, conducting vulnerability assessments, and managing software patching.
The breach and data theft incident highlights the importance of robust cybersecurity measures in safeguarding critical infrastructure and protecting sensitive information. Siemens Energy is likely to undertake thorough investigations to understand the extent of the breach and mitigate any potential damage caused.
Siemens Energy confirms breach
Siemens Energy was listed by Clop on their data leak site today, indicating that data had been stolen during a breach of the company.
As part of Clop’s extortion strategy, a company’s name is initially listed on their data leak site to apply pressure, followed by the eventual leaking of data.
At this time, no data has been leaked, as confirmed by a Siemens Energy spokesperson, but the company has been breached in the recent Clop data-theft attacks utilizing a MOVEit Transfer zero-day vulnerability, which is tracked as CVE-2023-34362.
Schneider Electric investigating
Along with Siemens Energy, Clop claims to have stolen data from MOVEit Transfer systems of another industry giant, Schneider Electric.
Schneider Electric is a French multinational company specializing in digital automation and energy management. With an annual revenue of over $37 billion, it operates in various vital industries worldwide [1].
On May 30th, 2023, Schneider Electric became aware of vulnerabilities impacting their Progress MOVEit Transfer software. The company promptly deployed available mitigations to secure data and infrastructure and has been closely monitoring the situation since then. Subsequently, on June 26th, 2023, Schneider Electric received a claim indicating that they were the victim of a cyber-attack related to the MOVEit vulnerabilities. The company’s cybersecurity team is currently investigating this claim [7].
While Schneider Electric has not verified the claims made by the Clop ransomware group, the fact that their previously disclosed breaches have been confirmed increases the likelihood of these new claims being true. The investigations are ongoing, and more information will likely be revealed as the cybersecurity team progresses.
MOVEit fallout continues
The impact of Clop’s MOVEit attacks is still unfolding, as new victims are being disclosed on the gang’s website and data is published daily. These attacks have had significant consequences, affecting various companies, federal government agencies, and local state agencies. The widespread data breaches resulting from these attacks have exposed the sensitive data of millions of people.
One notable victim of Clop’s MOVEit attacks is the New York City Department of Education (NYC DOE), which recently admitted that Clop stole documents containing the sensitive personal information of up to 45,000 students[1]. This incident highlights the severity of the breaches caused by the ransomware gang.
Furthermore, on June 16th, it was revealed that millions of Oregon and Louisiana citizens had their driver’s licenses stolen in attacks carried out by the Clop ransomware gang[2]. This indicates the far-reaching impact of the attacks, affecting individuals on a large scale.
Several other victims have also disclosed data breaches related to the MOVEit Transfer attacks. These include the U.S. state of Missouri, the U.S. state of Illinois, Zellis (along with its customers BBC, Boots, Aer Lingus, and Ireland’s HSE), Ofcom, the government of Nova Scotia, the American Board of Internal Medicine, and Extreme Networks[1][2][3][4][5][6][7][8][9][10].
Given the ongoing nature of the attacks and the daily publication of data by the Clop ransomware gang, it is crucial for organizations and individuals to remain vigilant and take necessary precautions to protect sensitive information. The severity and scale of these attacks underscore the importance of robust cybersecurity measures to mitigate the risk of data breaches and minimize their potential impact on individuals and entities affected by such incidents.