Schneider Electric; Siemens Energy; the University of California, Los Angeles (UCLA); Werum, a pharmaceutical technology provider; and AbbVie, a biopharmaceutical company, are the five latest organizations identified on the Cl0p ransomware group’s Dark Web data leak site as victims of MOVEit cyberattacks.

Threat actor directory organization Falcon Feeds monitors the Cl0p ransomware leak site and released the latest list to Twitter today.

Last Saturday, the New York City Department of Education (DoE) revealed it was also the victim of a MOVEit cyberattack, resulting the in unauthorized access of around 19,000 documents affecting 45,000 students.

“The FBI is investigating the broader breach that has impacted hundreds of entities; we are currently cooperating with both the NYPD and FBI as they investigate,” the DoE announcement of the breach said. “Given that review and investigation are ongoing, we are limited in terms of additional details at this point.”

MOVEit File Flaw

Progress Software’s MOVEit file transfer software zero-day vulnerability was discovered May 31 and traced back to the Russian ransomware group Cl0p. But before the zero-day bug could be patched, Cl0p already had its foothold in target systems.

The ransomware group reportedly sat on the MOVEit file transfer vulnerability for two years before it started to actively target victims including the BBC, British Airways, and the government of Nova Scotia.

Subsequent MOVEit victims emerged later, including Gen Digital, parent company of Avast and Norton.