Schneider Electric's Sustainability division suffers a major breach by Cactus ransomware. Attackers claim to have stolen 1.5TB of sensitive data.

Continue reading
Cactus ransomware recently targeted Schneider Electric's Sustainability Business division, posing a critical threat to the energy management and automation giant.
On January 17th, Cactus ransomware infiltrated Schneider Electric's network, compromising its Sustainability Business division. The attackers exfiltrated approximately 1.5TB of data, including sensitive information about industrial control systems and environmental compliance.
Cactus ransomware employs double-extortion tactics, leveraging stolen data to extort ransom payments. The group gains access to networks through various means, including phishing attacks, exploiting vulnerabilities, and purchasing credentials. Once inside, they move laterally to exfiltrate data and encrypt files, demanding payment for decryption keys and non-disclosure of stolen information.
The breach has severe implications for Schneider Electric and its clients. The compromised data may include proprietary information, customer records, and compliance documentation, posing risks of regulatory penalties and reputational damage. Moreover, the ransomware gang's threat to leak stolen data exacerbates the situation, potentially leading to legal and financial repercussions.
While, this is definitely not the first time Schneider Electric has been targeted in a cyberattack, earlier to this Rockwell Automation has also discovered multiple security flaws affecting products from Schneider Electric
This attack aligns with a concerning trend in ransomware operations targeting critical infrastructure and large corporations. Schneider Electric's previous encounter with Cl0p ransomware underscores the persistent threat landscape faced by multinational enterprises. Furthermore, the MOVEit incident involving Cl0p ransomware highlights the cascading effects of supply chain vulnerabilities.
Schneider Electric has initiated remediation efforts to restore affected systems and mitigate further damage. Collaboration with security firms and law enforcement agencies is crucial for conducting forensic analysis and pursuing legal actions against the perpetrators. Additionally, implementing Secure by Design and Secure by Default principles can enhance resilience against future attacks.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been