Schneider Electric

In June 2023, Schneider Electric, a global leader in digital automation and energy management, fell victim to a **Clop ransomware attack** exploiting a **zero-day vulnerability** in Progress Software’s **MOVEit Transfer** tool. The breach was part of a broader campaign targeting over 100 organizations, including Siemens Energy, Cognizant, Shell, PwC, and British Airways. Clop listed Schneider Electric on its dark web site, threatening to disclose stolen data unless extortion demands were met. While Schneider Electric implemented mitigation measures, the gang claimed to have exfiltrated company data, raising concerns over potential exposure of sensitive corporate and customer information. The incident highlighted critical gaps in third-party software security and the cascading risks of supply-chain attacks. Schneider Electric emphasized the need for **proactive cybersecurity strategies** and **rapid incident response** to contain such threats, though the full scope of data compromise—whether limited to internal systems or extending to customer records—remained undisclosed in public reports.

Source: https://www.crn.com/news/security/schneider-electric-probing-moveit-claim-by-cybercrime-group

TPRM report: https://www.rankiteo.com/company/schneider-electric

"id": "sch710092025",
"linkid": "schneider-electric",
"type": "Ransomware",
"date": "6/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': ['digital automation', 'energy management'],
                        'location': 'France (global operations)',
                        'name': 'Schneider Electric',
                        'size': 'large',
                        'type': 'multinational corporation'},
                       {'industry': 'energy',
                        'name': 'Siemens Energy',
                        'type': 'multinational corporation'},
                       {'industry': 'IT services',
                        'name': 'Cognizant',
                        'type': 'multinational corporation'},
                       {'industry': 'oil and gas',
                        'name': 'Shell',
                        'type': 'multinational corporation'},
                       {'industry': 'consulting',
                        'name': 'PwC',
                        'type': 'professional services firm'},
                       {'industry': 'aviation',
                        'name': 'British Airways',
                        'type': 'airline'}],
 'attack_vector': 'exploitation of zero-day vulnerability in MOVEit Transfer '
                  'software',
 'data_breach': {'data_exfiltration': True},
 'date_detected': '2023-06',
 'date_publicly_disclosed': '2023-06',
 'description': 'In June 2023, Schneider Electric, a multinational company '
                'specializing in digital automation and energy management, was '
                'targeted by the Clop ransomware gang in France. The attack '
                'exploited a zero-day vulnerability in the MOVEit Transfer '
                'software, developed by Progress Software. Clop listed '
                'Schneider Electric and other companies, including Siemens '
                'Energy and Cognizant, on its darkweb site, pressuring them to '
                'pay extortion fees to avoid data disclosure. Despite '
                "Schneider Electric's efforts to mitigate the vulnerability, "
                "Clop claimed to have stolen data from the company's systems. "
                'The MOVEit vulnerability has led to breaches in over 100 '
                'organizations, including Shell, PwC, and British Airways. '
                "Schneider Electric's response highlighted the importance of "
                'proactive cybersecurity measures and rapid incident response. '
                'The incident underscores the widespread impact of the MOVEit '
                'vulnerability, affecting various organizations globally.',
 'impact': {'brand_reputation_impact': True, 'data_compromised': True},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'entry_point': 'MOVEit Transfer zero-day '
                                          'vulnerability'},
 'lessons_learned': 'The incident underscores the importance of proactive '
                    'cybersecurity measures, rapid incident response, and the '
                    'widespread impact of zero-day vulnerabilities in '
                    'third-party software like MOVEit Transfer.',
 'motivation': ['financial extortion', 'data theft'],
 'post_incident_analysis': {'root_causes': ['exploitation of unpatched '
                                            'zero-day vulnerability in '
                                            'third-party software (MOVEit '
                                            'Transfer)']},
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': True,
                'ransomware_strain': 'Clop'},
 'recommendations': ['patch management',
                     'third-party risk assessment',
                     'proactive threat hunting',
                     'incident response readiness'],
 'response': {'containment_measures': ['vulnerability mitigation'],
              'incident_response_plan_activated': True},
 'threat_actor': 'Clop ransomware gang',
 'title': 'Schneider Electric Ransomware Attack via MOVEit Zero-Day '
          'Vulnerability',
 'type': ['ransomware', 'data breach'],
 'vulnerability_exploited': 'CVE-unknown (MOVEit Transfer zero-day)'}