Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.
Siemens Energy is a Munich-based energy technology company with a global presence, employing 91,000 people and having an annual revenue of $35 billion.
It designs, develops, and manufactures a wide range of industrial products, including industrial control systems (ICS), state-of-the-art power, heat generation units, renewable energy systems, on and off-site energy delivery systems, and flexible power transmission solutions.
The company also provides a wide range of cybersecurity consulting services for the oil and gas industry, including incident response plans, vulnerability assessment, and patch management.
Siemens Energy confirms breach
Today, Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach on the company.
As part of Clop's extortion strategy, they first begin listing a company's name on their data leak site to apply pressure, followed by the eventual leaking of data.
While no data has been leaked at this time, a Siemens Energy spokesperson confirmed that they were breached in the recent Clop data-theft attacks utilizing a MOVEit Transfer zero-day vulnerability tracked as CVE-2023-34362.
However, Siemens Energy says that no critical data was stolen, and business operations were not impacted.
"Regarding the global data security incident, Siemens Energy is among the targets," confirmed Siemens Energy to bleepingcomputer[.]
"Based on the current analysis no critical data has been compromised and our operations have not been affected. We took immediate action when we learned about the incident."
Source - BleepingComputers
Siemens Energy is a Munich-based energy technology company with a global presence, employing 91,000 people and having an annual revenue of $35 billion.
It designs, develops, and manufactures a wide range of industrial products, including industrial control systems (ICS), state-of-the-art power, heat generation units, renewable energy systems, on and off-site energy delivery systems, and flexible power transmission solutions.
The company also provides a wide range of cybersecurity consulting services for the oil and gas industry, including incident response plans, vulnerability assessment, and patch management.
Siemens Energy confirms breach
Today, Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach on the company.
As part of Clop's extortion strategy, they first begin listing a company's name on their data leak site to apply pressure, followed by the eventual leaking of data.
While no data has been leaked at this time, a Siemens Energy spokesperson confirmed that they were breached in the recent Clop data-theft attacks utilizing a MOVEit Transfer zero-day vulnerability tracked as CVE-2023-34362.
However, Siemens Energy says that no critical data was stolen, and business operations were not impacted.
"Regarding the global data security incident, Siemens Energy is among the targets," confirmed Siemens Energy to bleepingcomputer[.]
"Based on the current analysis no critical data has been compromised and our operations have not been affected. We took immediate action when we learned about the incident."
Source - BleepingComputers