UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks

Schneider Electric; Siemens Energy; the University of California at Los Angeles (UCLA); Werum, a pharmaceutical technology provider; and AbbVie, a biopharmaceutical company, are the five latest organizations identified on the Cl0p ransomware group's Dark Web data leak site as victims of MOVEit cyberattacks.

Threat actor directory organization Falcon Feeds monitors the Cl0p ransomware leak site and released the latest list to Twitter today.

For its part, UCLA uses MOVEit Transfer to transfer files across the campus and to other entities. In a statement to Dark Reading, the university noted that it discovered the attack on May 28, after which it "immediately activated its incident response procedures, fixed the vulnerability using the security patch issued by Progress Software, and enhanced monitoring of the system."

The statement continues, "the university notified the FBI and worked with external cybersecurity experts to investigate the matter and determine what happened, what data was impacted and to whom the data belongs. Those who have been impacted have been notified. This is not a ransomware incident. There is no evidence of any impact to any other campus systems."

Last Saturday, the New York City Department of Education (DoE) revealed it was also the victim of a MOVEit cyberattack, resulting the in unauthorized access of around 19,000 documents affecting 45,000 students.

"The FBI is investigating the broader breach that has impacted hundreds of entities; we are currently cooperating with both the NYPD and FBI as they investigate," the DoE announcement of the breach said. "Given that review and investigation are ongoing, we are limited in terms of additional details at this point."

MOVEit File Flaw

Progress Software's MOVEit file transfer software zero-day vulnerability was discovered May 31 and traced back to the Russian ransomware group Cl0p. But before the zero-day bug could be patched, Cl0p already had its foothold in target systems.

The ransomware group reportedly sat on the MOVEit file transfer vulnerability for two years before it started to actively target victims including the BBC, British Airways, and the government of Nova Scotia.

Subsequent MOVEit victims emerged later, including Gen Digital, parent company of Avast and Norton.