Schneider Electric Hit by Cactus Ransomware Attack Targeting Sustainability Division
Schneider Electric, a global leader in energy management and automation, confirmed a ransomware attack on its sustainability business division on January 17. The Cactus ransomware group claimed responsibility for the breach, which compromised the company’s EcoStruxure Resource Advisor platform, a tool used by over 2,000 organizations worldwide to monitor energy and resource data.
The company acknowledged that data was accessed during the attack and has begun notifying affected customers. Schneider Electric is working to restore operations within the division over the next two days, with external cybersecurity experts assisting its internal incident response team. The investigation is ongoing, and the company has not disclosed how the attackers gained access or whether a ransom demand was made.
Cactus ransomware has rapidly gained notoriety since March 2023, frequently exploiting vulnerabilities in VPN devices and legitimate remote management tools like AnyDesk, Splashtop, and SuperOps RMM. In November, the group targeted Qlik Sense, a cloud analytics platform, in a separate exploitation campaign. The attack on Schneider Electric underscores the growing threat posed by Cactus to high-profile enterprises.
Source: https://www.cybersecuritydive.com/news/schneider-electric-ransomware-sustainability/706006/
Schneider Electric TPRM report: https://www.rankiteo.com/company/schneider-electric
"id": "sch1771194226",
"linkid": "schneider-electric",
"type": "Ransomware",
"date": "1/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Over 2,000 organizations',
'industry': 'Energy management and automation',
'location': 'Global',
'name': 'Schneider Electric',
'type': 'Corporation'}],
'customer_advisories': 'Notifying affected customers',
'data_breach': {'type_of_data_compromised': 'Energy and resource data'},
'date_detected': '2024-01-17',
'date_publicly_disclosed': '2024-01-17',
'description': 'Schneider Electric, a global leader in energy management and '
'automation, confirmed a ransomware attack on its '
'sustainability business division on January 17. The Cactus '
'ransomware group claimed responsibility for the breach, which '
'compromised the company’s EcoStruxure Resource Advisor '
'platform, a tool used by over 2,000 organizations worldwide '
'to monitor energy and resource data. The company acknowledged '
'that data was accessed during the attack and has begun '
'notifying affected customers. Schneider Electric is working '
'to restore operations within the division over the next two '
'days, with external cybersecurity experts assisting its '
'internal incident response team. The investigation is '
'ongoing, and the company has not disclosed how the attackers '
'gained access or whether a ransom demand was made.',
'impact': {'data_compromised': 'Yes',
'downtime': '2 days (estimated)',
'operational_impact': 'Operations within the sustainability '
'division disrupted',
'systems_affected': 'EcoStruxure Resource Advisor platform'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Cactus'},
'references': [{'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Notifying affected customers',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Restoring operations within the division',
'third_party_assistance': 'External cybersecurity experts'},
'threat_actor': 'Cactus ransomware group',
'title': 'Schneider Electric Hit by Cactus Ransomware Attack Targeting '
'Sustainability Division',
'type': 'Ransomware'}