German energy giant Siemens Energy and the University of California, Los Angeles (UCLA) were listed on the Russia-linked ransomware syndicate's dark web blog. Siemens told Cybernews it “is among the targets,” while UCLA said the hack is “not a ransomware incident.”
The Cl0p ransomware cartel listed both organizations as the latest victims of the MOVEit Transfer hacks. By exploiting the now-fixed bug, attackers were able to access and download data stored in affected MOVEit deployments.
In a reply to Cybernews, Siemens Energy said it is “among the targets,” but there is no indication that any data has been compromised.
“Based on the current analysis, no critical data has been compromised and our operations have not been affected. We took immediate action when we learned about the incident,” a Siemens Energy spokesperson told Cybernews.
UCLA also confirmed to Cybernews that it was indeed affected by the MOVEit Transfer hack. On June 1 the university that “on May 28, 2023 the vulnerability was illegally used by an unauthorized third party to gain access to UCLA’s MOVEit platform.”
UCLA’s representative explained that the university activated its incident response procedures and fixed the MOVEit bug using the patch that Progress Software issued to address it.
“The university notified the FBI and worked with external cybersecurity experts to investigate the matter and determine what happened, what data was impacted and to whom the data belongs. All of those who have been impacted have been notified. This is not a ransomware incident. There is no evidence of any impact to any other campus systems,” UCLA said in a statement.
Cl0p’s posts do not reveal what type of data could have been accessed or the potential size of stolen datasets. However, organizations typically use the MOVEit service to send and receive files, which means attackers could have access to sensitive data.
Siemens Energy split from the German conglomerate Siemens AG in 2020 and operates as a separate entity. Before the split, the company served as Siemens' gas and power division. Siemens Energy reported revenue of €29 billion ($31.7 billion) in 2022.
UCLA is a leading US-based research university enjoying over $5 billion in endowments. 27 Nobel prize laureates are alumni of UCLA.
Why is the MOVEit zero-day important?
The Cl0p ransomware gang has taken credit for exploiting the MOVEit zero-day bug. They claim to have breached hundreds of companies in the process. Experts we’ve spoken to say that around 3,000 deployments of the MOVEit application were active when the flaw was first discovered.
Cl0p has been posting victims’ names on its dark web leak site since June 14th, with Shell Global, Telos, Norton LifeLock, California Public Employees’ Retirement System (CalPERS), PwC, Ernst & Young, Sony, and tens of others listed so far.
Cl0p operates under the Ransomware-as-a-Service (RaaS) model, which means it rents the software to affiliates for a pre-agreed cut of the ransom payment.
The gang employs the “double-extortion” technique of stealing and encrypting victim data, refusing to restore access, and publishing exfiltrated data on its data leak site if the ransom is not paid.
Updated on June 27 [11:50 AM GMT] with a statement from Siemens Energy.