Schneider Electric Probing MOVEit Claim By Cybercrime Group
Schneider Electric, along with companies including Cognizant, has been listed in recent days on the darkweb site of the Russian-speaking cybercriminal gang Clop.
Schneider Electric said Tuesday it is investigating after its name appeared on the darkweb site of the cybercriminal group Clop, a Russian-speaking gang that has claimed responsibility for breaching dozens of organizations by exploiting a vulnerability in the MOVEit file transfer software.
Clop’s tactics have included posting the names of its alleged victims on its darkweb site in an attempt to pressure the organizations to pay an extortion fee, purportedly to avoid the disclosure of stolen data.
The widespread cyberattack campaign has involved exploiting a critical vulnerability in MOVEit, a popular managed file transfer tool from Progress. More than 100 organizations have been listed on Clop’s darkweb site or have separately disclosed a security incident related to the MOVEit vulnerability, according to a tally by Emsisoft threat analyst Brett Callow.
In a statement provided to CRN Tuesday, Schneider Electric confirmed that it has previously used the MOVEit product and that its security team is “currently investigating” the claim that the company has become a victim of the MOVEit attack campaign.
“On May 30th, 2023, Schneider Electric became aware of vulnerabilities impacting Progress MOVEit Transfer software. We promptly deployed available mitigations to secure data and infrastructure and have continued to monitor the situation closely,” the company said in the statement.
“Subsequently, on June 26th, 2023, Schneider Electric was made aware of a claim mentioning that we have been the victim of a cyber-attack relative to MOVEit vulnerabilities,” the company said. “Our cybersecurity team is currently investigating this claim as well.”
Schneider Electric, a major technology provider in segments including power management and industrial automation, has been awarded a 5-star rating in the CRN Partner Program Guide for a number of years.
Growing List Of Victims
Additional names listed on Clop’s darkweb site in recent days have included Siemens Energy, which reportedly confirmed that data was stolen as part of the MOVEit attacks, and global IT solution provider Cognizant.
While a series of vulnerabilities have been discovered over the past month in Progress’ MOVEit tool, the original flaw (tracked as CVE-2023-34362) has been pinpointed as the source of Clop’s attacks. The vulnerability can enable escalation of administrative privileges and unauthorized access, Progress has said.
Confirmed victims of the cyberattacks have included Shell, PricewaterhouseCoopers, Johns Hopkins University and Health System, British Airways and the BBC.
Three major MOVEit-related breaches—affecting millions of individuals that are served by the California Public Employees’ Retirement System and by insurers Wilton Re and Genworth—stemmed from the hack of third-party vendor PBI Research Services.
Meanwhile, in the public sector, victims have included the New York City Department of Education, two U.S. Department of Energy facilities and the state motor vehicle agencies of Louisiana and Oregon.
There’s currently no evidence that the other recently identified MOVEit vulnerabilities (CVE-2023-35708 and CVE-2023-35036) have been exploited, Progress said in a statement to CRN.