Siemens Energy confirms data breach after MOVEit data-theft attack

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

Siemens Energy is a Munich-based energy technology company with a global presence, employing 91,000 people and having an annual revenue of $35 billion.

It designs, develops, and manufactures a wide range of industrial products, including industrial control systems (ICS), state-of-the-art power, heat generation units, renewable energy systems, on and off-site energy delivery systems, and flexible power transmission solutions.

The company also provides a wide range of cybersecurity consulting services for the oil and gas industry, including incident response plans, vulnerability assessment, and patch management.

Siemens Energy confirms breach

Today, Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach on the company.

As part of Clop's extortion strategy, they first begin listing a company's name on their data leak site to apply pressure, followed by the eventual leaking of data.

While no data has been leaked at this time, a Siemens Energy spokesperson confirmed that they were breached in the recent Clop data-theft attacks utilizing a MOVEit Transfer zero-day vulnerability tracked as CVE-2023-34362.

However, Siemens Energy says that no critical data was stolen, and business operations were not impacted.

"Regarding the global data security incident, Siemens Energy is among the targets," confirmed Siemens Energy to BleepingComputer.

"Based on the current analysis no critical data has been compromised and our operations have not been affected. We took immediate action when we learned about the incident."

Schneider Electric investigating

Along with Siemens Energy, Clop claim to have stolen data from MOVEit Transfer systems of another industry giant, Schneider Electric.

The French multinational company, with an annual revenue of over $37 billion, specializes in digital automation and energy management, and its products are used in a broad range of vital industries worldwide.

"On May 30th, 2023, Schneider Electric became aware of vulnerabilities impacting Progress MOVEit Transfer software. We promptly deployed available mitigations to secure data and infrastructure and have continued to monitor the situation closely," mentions the firm's statement to BleepingComputer.

"Subsequently, on June 26th, 2023, Schneider Electric was made aware of a claim mentioning that we have been the victim of a cyber-attack relative to MOVEit vulnerabilities."

"Our cybersecurity team is currently investigating this claim as well."

While the company has not verified Clop's claims, the validity of their previously disclosed breaches raises the likelihood of the claims being true.

MOVEit fallout continues

The impact of Clop's MOVEit attacks is still unfolding, as new victims are being disclosed on the gang's website, and data published daily.

The attacks have impacted companies, federal government agencies, and local state agencies, leading to widespread data breaches that have exposed the sensitive data of millions of people.

Yesterday, The New York City Department of Education (NYC DOE) admitted that Clop stole documents containing the sensitive personal information of up to 45,000 students.

On June 16th, millions of Oregon and Louisiana citizens learned that their driver's licenses had been stolen in attacks carried out by the ransomware gang.

Other victims that already disclosed data breaches related to the MOVEit Transfer attacks include the U.S. state of Missouri, the U.S. state of Illinois, Zellis (along with its customers BBC, Boots, Aer Lingus, and Ireland's HSE), Ofcam, the government of Nova Scotia, the American Board of Internal Medicine, and Extreme Networks.