Introduction
In recent months, a series of cyberattacks has shaken organizations worldwide, affecting government agencies, states, universities, and corporations.
Among the victims are two major energy corporations, Schneider Electric and Siemens Energy, which have fallen victim to the MOVEit breach. This breach is part of an ongoing hacking campaign orchestrated by the ransomware gang known as CL0P.
The MOVEit Breach and the Vulnerability Exploitation
The MOVEit breach began in early June when the CL0P gang identified a vulnerability in MOVEit, a widely used file transfer tool developed by Progress Software. Taking advantage of this vulnerability, CL0P initiated a hacking campaign, targeting not only energy corporations but also multiple federal agencies, including entities within the Department of Energy. Furthermore, there are indications of a possible breach in the Department of Agriculture, and the Office of Personnel Management has also been affected.
Siemens Energy’s Response
Siemens Energy, one of the largest vendors in industrial control systems, confirmed that it was targeted by the MOVEit breach. However, based on their current analysis, no critical data has been compromised, and their operations remain unaffected. Siemens Energy took immediate action upon discovering the incident, demonstrating its commitment to data security.
Schneider Electric’s Investigation
Schneider Electric, another major player in the industrial control systems market, became aware of the vulnerability on May 30. They promptly deployed available mitigations to secure their data and infrastructure, closely monitoring the situation. On June 26, 2023, Schneider Electric was made aware of a claim linking them to the MOVEit cyber-attack. Their cybersecurity team is actively investigating this claim to gain a better understanding of the incident.
The Scope of the Hacking Campaign
Since CL0P began publicizing its victims, it has become apparent that state and local governments have been heavily affected by the hacking campaign. At least seven governments, including the California Public Employees’ Retirement System, the nation’s largest public-employee pension fund, have fallen victim to the attacks. Furthermore, over the weekend, approximately 45,000 New York City public school students had their personal data, including Social Security numbers, stolen.
Understanding the Motives behind the MOVEit Breach
According to Cybersecurity and Infrastructure Security Agency Director Jen Easterly, the MOVEit campaign appears to be largely opportunistic. The hackers are primarily targeting information stored within the file transfer application at the time of intrusion. This indicates that the stolen files may be limited to the data available within the software during the exploitation of the vulnerability.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.