Schneider Electric, Siemens Energy listed as MOVEit hack victims

Energy sector providers investigating hacking claims by Clop gang

More than 100 organisations are now listed on Clop's site, with Schneider Electric, Siemens Energy and IT services provider Cognizant among the latest.

Schneider Electric said on Tuesday it is investigating after its name appeared on the dark web site of the cybercriminal group Clop, a Russian-speaking gang that has claimed responsibility for breaching dozens of organisations by exploiting a vulnerability in MOVEit file transfer software.

Clop's tactics have included posting the names of its alleged victims on its dark web site in an attempt to pressure the organisations to pay an extortion fee, purportedly to avoid the disclosure of stolen data.

The widespread cyberattack campaign has involved exploiting a critical vulnerability in MOVEit, a popular managed file transfer tool from Progress Software. More than 100 organisations have been listed on Clop's dark web site or have separately disclosed a security incident related to the MOVEit vulnerability, according to a tally by Emsisoft threat analyst Brett Callow.

In a statement provided to CRN on Tuesday, Schneider Electric confirmed that it has previously used the MOVEit product and that its security team is "currently investigating" the claim that the company has become a victim of the MOVEit attack campaign.

"On May 30th, 2023, Schneider Electric became aware of vulnerabilities impacting Progress MOVEit Transfer software. We promptly deployed available mitigations to secure data and infrastructure and have continued to monitor the situation closely," the company said in the statement.

"Subsequently, on June 26th, 2023, Schneider Electric was made aware of a claim mentioning that we have been the victim of a cyber-attack relative to MOVEit vulnerabilities," the company said. "Our cybersecurity team is currently investigating this claim as well."

Schneider Electric is a major technology provider in segments including power management and industrial automation.

Growing list of victims

Additional names listed on Clop's dark web site in recent days have included Siemens Energy, which reportedly confirmed that data was stolen as part of the MOVEit attacks, and global IT solution provider Cognizant.

While a series of vulnerabilities has been discovered over the past month in Progress' MOVEit tool, the original flaw (tracked as CVE-2023-34362) has seen the widest exploitation by Clop. The vulnerability can enable escalation of administrative privileges and unauthorised access, Progress has said.

Confirmed victims of the cyberattacks have included Shell, PricewaterhouseCoopers, Johns Hopkins University and Health System, British Airways and the BBC.

Three major MOVEit-related breaches—affecting millions of individuals that are served by the California Public Employees' Retirement System and by insurers Wilton Re and Genworth—stemmed from the hack of third-party vendor PBI Research Services.

Meanwhile, in the public sector, victims have included the New York City Department of Education, two US Department of Energy facilities and the state motor vehicle agencies of Louisiana and Oregon.

A version of this story first appeared on CRN.