Connect with us

Hi, what are you looking for?



Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

MOVEit hack impact

Energy giants Schneider Electric and Siemens Energy have confirmed being targeted by a ransomware group in the recent campaign exploiting a vulnerability in Progress Software’s MOVEit managed file transfer (MFT) software.

The Cl0p ransomware group claims to have exploited a MOVEit zero-day vulnerability to access the files of hundreds of organizations that had been using the MFT product. Several major companies have confirmed being hit and the cybercriminals have started naming victims that refuse to pay up. 

This week, the hackers added over a dozen more alleged victims to their leak website. Germany-based Siemens Energy, a spinoff of Siemens’ energy business, and France-based automation and energy management giant Schneider Electric are among the companies named this week on the Cl0p site.

Siemens Energy has confirmed for SecurityWeek that it’s among the targets of the MOVEit attack and said it took immediate action in response to the incident.

“Based on the current analysis no critical data has been compromised and our operations have not been affected,” the company said in an emailed statement. 

Schneider Electric told SecurityWeek that the company became aware of the MOVEit software zero-day on May 30 and promptly deployed mitigations to secure data and infrastructure. 

“Subsequently, on June 26th, 2023, Schneider Electric was made aware of a claim mentioning that we have been the victim of a cyber-attack relative to MOVEit vulnerabilities. Our cybersecurity team is currently investigating this claim as well,” the company said.

Advertisement. Scroll to continue reading.

Other major organizations listed recently by Cl0p on its leak website include Sony, EY, PwC, Cognizant, AbbVie and UCLA, but it’s unclear if all of them have been targeted in the MOVEit attack. SecurityWeek has reached out to each of them for comment. 

The attackers have started leaking data allegedly stolen from energy giant Shell, which has confirmed being targeted in the MOVEit attack. SecurityWeek has reached out to Shell as well. 

Some evidence suggests that the cybercriminals have known about the MOVEit zero-day vulnerability since 2021, but mass attacks only started in late May 2023. 

While some government organizations have also confirmed being impacted, the hackers claim they have deleted all the data obtained from such entities, noting that they are financially motivated and “do not care about politics”. They allegedly deleted data obtained from more than 30 government and government-related organizations. 

The cybercriminals also claim on their website that they are the only group to have exploited the zero-day before it was patched and they are the only ones in possession of the data obtained as a result of the attack. 

UPDATE: EY and UCLA have responded to SecurityWeek’s request for comment. Their response has been included in a follow-up article focusing on the number of known victims.

Related: Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack

Related: MOVEit Customers Urged to Patch Third Critical Vulnerability

Related: New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...