Siemens Energy has confirmed that data was stolen in recent Clop ransomware data theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

Siemens Energy is a Munich-based energy technology company with a global presence, employing 91,000 people and having annual sales of $35 billion.

It designs, develops and manufactures a wide range of industrial products, including industrial control systems (ICS), advanced power units, heat generating units, renewable energy systems, distribution systems onsite and offsite energy systems and flexible power transmission solutions.

The company also offers a wide range of cybersecurity consulting services for the oil and gas industry, including incident response plans, vulnerability assessment and patch management.

Siemens Energy confirms infringement

Today, Clop listed Siemens Energy on its data breach site, saying data was stolen in a company breach.

As part of Clop’s extortion strategy, they first start by listing a company’s name on their data leak site to pressure, followed by the eventual data leak.

Although no data has been leaked at this time, a Siemens Energy spokesperson has confirmed that they were hacked in the recent Clop data theft attacks using a MOVEit Transfer zero-day vulnerability tracked as CVE-2023-34362.

However, Siemens Energy says no critical data was stolen and business operations were not affected.

“As far as the global data security incident is concerned, Siemens Energy is among the targets,” Siemens Energy confirmed to BleepingComputer.

“Based on current analysis, no critical data was compromised and our operations were not impacted. We took immediate action upon learning of the incident.”

Schneider Electric investigation

Along with Siemens Energy, Clop claims to have stolen data from the MOVEit Transfer systems of another industry giant, Schneider Electric.

The French multinational, with annual sales of over $37 billion, specializes in digital automation and energy management, and its products are used in a wide range of vital industries around the world entire.

“On May 30, 2023, Schneider Electric became aware of vulnerabilities affecting Progress MOVEit Transfer software. We quickly deployed available mitigations to secure data and infrastructure and continued to monitor the situation closely.” the company’s statement to BleepingComputer.

“Subsequently, on June 26, 2023, Schneider Electric was notified of a claim that we were the victim of a cyber-attack relating to MOVEit vulnerabilities.”

“Our cybersecurity team is also currently investigating this allegation.”

Although the company has not verified Clop’s claims, the validity of their previously disclosed violations increases the likelihood that the claims are true.

MOVEit fallout continues

The impact of Clop’s MOVEit attacks continues, as new victims are revealed on the gang’s website and data released daily.

The attacks affected businesses, federal government agencies and local state agencies, resulting in widespread data breaches that exposed the sensitive data of millions of people.

Yesterday, the New York City Department of Education (NYC DOE) admitted that Clop stole documents containing the sensitive personal information of up to 45,000 students.

June 16, millions of citizens of Oregon and Louisiana learned that their driver’s licenses had been stolen in attacks by the ransomware gang.

Other victims who have previously disclosed data breaches related to the MOVEit Transfer attacks include US state of MissouriTHE US state of Illinois, Zellis (as well as its customers BBC, Boots, Aer Lingus and the Irish HSE), OfcamTHE Nova Scotia governmentTHE American Board of Internal MedicineAnd Extreme networks.