The Clop ransomware group has added five more victims of its MOVEit attacks to its dark web leak site, among them the industrial giants Schneider Electric and Siemens Energy. Both companies supply Industrial Control Systems (ICS) that are used in critical national infrastructure around the world.
The threat actors claim to have compromised the systems of hundreds of businesses by exploiting the recently disclosed MOVEit Transfer vulnerability (CVE-2023-34362).
MOVEit Transfer is a managed file transfer (MFT) product that lets businesses transfer files securely over SFTP, SCP and HTTP-based uploads.
The flaw is a SQL injection vulnerability that an unauthenticated attacker can exploit to gain unauthorized access to the database behind MOVEit Transfer. The Cl0p ransomware group has claimed responsibility for exploiting it as a zero-day and says it broke into hundreds of businesses in the process. According to security researchers, there were around 3,000 active MOVEit installations when the vulnerability was first detected.
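To show why an unauthenticated SQL injection hands an attacker the contents of a database, here is a generic, self-contained illustration added to this article. It is not MOVEit's code, not the CVE-2023-34362 exploit, and the table, rows and payload are constructed for the example: one lookup concatenates attacker-controlled input into the SQL text, the other passes it as a bound parameter, and both are run against the same classic `' OR '1'='1` payload.

```python
import sqlite3

# Constructed in-memory sample database for the illustration (not MOVEit's schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", "admin"),
            ("bob", "bob@example.com", "user"),
        ],
    )
    return conn


def vulnerable_lookup(conn, username):
    # Attacker-controlled input is spliced into the SQL text itself, so a
    # quote in the input changes the structure of the query.
    query = (
        "SELECT username, email, role FROM users WHERE username = '"
        + username
        + "'"
    )
    return conn.execute(query).fetchall()


def safe_lookup(conn, username):
    # Parameterised: the value travels separately from the SQL text and can
    # never be parsed as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT username, email, role FROM users WHERE username = ?",
        (username,),
    ).fetchall()


# Constructed payload; with string concatenation the WHERE clause becomes
# username = '' OR '1'='1', which is true for every row.
PAYLOAD = "' OR '1'='1"


def demo():
    """Return what each lookup gives back for the payload and for a normal name."""
    conn = make_db()
    return {
        "vulnerable": vulnerable_lookup(conn, PAYLOAD),  # every row leaks
        "safe": safe_lookup(conn, PAYLOAD),              # no such user: []
        "legit": safe_lookup(conn, "bob"),               # normal use still works
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:10s} -> {rows}")
```

No login was needed to reach either function, which is the point of an unauthenticated injection: whoever can reach the endpoint can pull the data. The fix is not input filtering but keeping data out of the SQL text, as `safe_lookup` does with a bound parameter.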
Cl0p has been publishing victims' names on its dark web leak site since June 14. So far the list includes Shell Global, Telos, Norton LifeLock, the California Public Employees' Retirement System (CalPERS), PwC, Ernst & Young, Sony and dozens of other companies.
Cl0p operates as Ransomware-as-a-Service (RaaS): it leases its malware to affiliates in exchange for a percentage of each ransom payment.
The group uses a "double extortion" strategy: it steals and encrypts victims' data, withholds access to the encrypted data, and publishes the exfiltrated data on its leak site if the ransom is not paid.
The United States government is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other threat actors targeting US critical infrastructure, to a foreign government.
The reward is offered under the Rewards for Justice program run by the US Department of State.
In response, Schneider said the company was "currently investigating this claim." Abbvie did not immediately provide a comment, and Cl0p did not respond to a request for comment.
The Federal Bureau of Investigation said in a statement that it was "aware of and investigating the recent exploitation of a MOVEit vulnerability by malicious ransomware actors."
Siemens and UCLA have released only limited additional information on the nature and extent of their breaches. Siemens said that none of its critical data was compromised and that its operations have not been disrupted. UCLA said in a statement that its campus systems were not disrupted and that "all of those who have been impacted have been notified."
Information security specialist, currently working as a risk infrastructure specialist and investigator.
15 years of experience in risk and control processes, security audit support, business continuity design and support, workgroup management and information security standards.