In the ever-expanding fallout from the MOVEit Transfer vulnerability, Schneider Electric suffered a hit from the Clop ransomware group.

The Clop group added five new victims of MOVEit attacks to its dark web leak site: in addition to Schneider, it added Siemens Energy along with werum.com, UCLA, and Abbie. The attackers claim to have hacked hundreds of companies by exploiting the MOVEit Transfer vulnerability (CVE-2023-34362), disclosed earlier this month.

MOVEit Transfer is a managed file transfer application used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection flaw that an unauthenticated attacker can exploit to gain unauthorized access to MOVEit Transfer’s database.

“On May 30th, 2023, Schneider Electric became aware of vulnerabilities impacting Progress MOVEit Transfer software. We promptly deployed available mitigations to secure data and infrastructure and have continued to monitor the situation closely,” the company said in a statement.

“Subsequently, on June 26th, 2023, Schneider Electric was made aware of a claim mentioning that we have been the victim of a cyber-attack relative to MOVEit vulnerabilities,” the company said. “Our cybersecurity team is currently investigating this claim as well.”

Microsoft attributed the campaign exploiting the zero-day vulnerability in the MOVEit Transfer platform to the Clop ransomware group.

Other victims of the ransomware attacks exploiting the MOVEit Transfer vulnerability are the U.S. Department of Energy, British Airways, Boots, the BBC, Aer Lingus, Ofcom, Shell, University of Rochester, and Gen Digital.

The U.S. government is offering a bounty of up to $10 million for information linking the Clop ransomware gang, or any other threat actors targeting U.S. critical infrastructure, to a foreign government.

ISSSource
