The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide Industrial Control Systems (ICS) that are used in critical national infrastructure worldwide.
Below is the list of victims added to the group’s leak site:
For the uninitiated, Schneider Electric and Siemens Energy are two more notable victims as they are very large Industrial Control System (#ICS) vendors. Products are used in critical national infrastructure (#CNI) worldwide. 🏭⚠️ https://t.co/2mnhWMoo6s— Will (@BushidoToken) June 27, 2023
The following table from the DRM – Dashboard Ransomware Monitor shows the list of victims recently added by the cybercrime gang to its leak site:
MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.
The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
The list of victims of ransomware attacks exploiting the MOVEit Transfer zero-day includes the U.S. Department of Energy, British Airways, Boots, the BBC, Aer Lingus, Ofcom, Shell, University of Rochester, and Gen Digital.
The US goverment is offering up to a $10 million bounty for information linking CL0P Ransomware Gang or any other threat actors targeting U.S. critical infrastructure to a foreign government.
The bounty is covered by the U.S. State Department’s Rewards for Justice program.
The U.S. State Department’s Rewards for Justice (RFJ) program is a government counterterrorism rewards program that offers monetary rewards for information leading to the prevention, disruption, or conviction of individuals involved in acts against U.S. interests.
The US government offers rewards for information that leads to the arrest, conviction, or location of threat actors.
(SecurityAffairs – hacking, MOVEit)