Pierluigi Paganini June 27, 2023

Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy.

The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide Industrial Control Systems (ICS) that are used in critical national infrastructure worldwide.

Below is the list of victims added to the group’s leak site:

• werum.com
• Schneider Electric (http://se.com)
• Siemens Energy (http://siemens-energy.com)
• UCLA (http://ucla.edu)
• Abbie (http://abbvie.com)

For the uninitiated, Schneider Electric and Siemens Energy are two more notable victims as they are very large Industrial Control System (#ICS) vendors. Products are used in critical national infrastructure (#CNI) worldwide. https://t.co/2mnhWMoo6s

— Will (@BushidoToken) June 27, 2023

The following table from the DRM – Dashboard Ransomware Monitor shows the list of victims recently added by the cybercrime gang to its leak site:

Threat actors claim to have hacked hundreds of companies by exploiting the recently disclosed MOVEit Transfer vulnerability CVE-2023-34362.

MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.

The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.

The Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform.

The list of victims of ransomware attacks exploiting the MOVEit Transfer zero-day includes the U.S. Department of Energy, British Airways, Boots, the BBC, Aer Lingus, Ofcom, Shell, University of Rochester, and Gen Digital.

The US goverment is offering up to a $10 million bounty for information linking CL0P Ransomware Gang or any other threat actors targeting U.S. critical infrastructure to a foreign government.

The bounty is covered by the U.S. State Department’s Rewards for Justice program.

The U.S. State Department’s Rewards for Justice (RFJ) program is a government counterterrorism rewards program that offers monetary rewards for information leading to the prevention, disruption, or conviction of individuals involved in acts against U.S. interests.

The US government offers rewards for information that leads to the arrest, conviction, or location of threat actors.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, MOVEit)