Siemens Energy, a Munich-based energy technology company, has confirmed a data breach resulting from recent Clop ransomware attacks that exploited a zero-day vulnerability in the MOVEit Transfer platform. Siemens Energy, a global player with 91,000 employees and an annual revenue of $35 billion, is involved in designing, developing, and manufacturing industrial products, including industrial control systems, renewable energy systems, and power transmission solutions.
While Clop listed Siemens Energy on its data leak site as part of its extortion strategy, no data has been leaked yet. Siemens Energy assures that no critical data was compromised, and its business operations were not affected by the breach.
Clop, known for its data-theft attacks, claims to have stolen data from MOVEit Transfer systems of another major company, Schneider Electric. The French multinational company, specializing in digital automation and energy management with an annual revenue of over $37 billion, acknowledged vulnerabilities in the Progress MOVEit Transfer software. Schneider Electric promptly deployed mitigations upon learning of the vulnerabilities on May 30, 2023.
However, on June 26, 2023, the company was made aware of a claim by Clop stating that they were a victim of a cyberattack related to MOVEit vulnerabilities. Schneider Electric is currently investigating the claim, and while they have not verified it, the credibility of Clop’s previous disclosures raises concerns about the potential validity of the latest claims.
