Ransomware

Cactus Ransomware Group Confirms Hacking Schneider Electric

Cactus ransomware has added Schneider Electric to its leak site, claiming to have stolen 1.5 terabytes of data.

February 20, 2024

The Cactus ransomware gang has claimed responsibility for the cyberattack that French industrial giant Schneider Electric disclosed at the end of January.

The incident, the company said at the time, was discovered on January 17 and only impacted its Sustainability Business division, resulting in severed access to Resource Advisor and other systems used by the division.

Schneider Electric has since updated its incident notification to say that it has restored access to the impacted systems and that the attackers exfiltrated certain Sustainability Business data.

Initial reports suggested that the Cactus ransomware group might have orchestrated the attack, and the suspicions have been confirmed, after the gang listed the French giant on its Tor-based leak website.

According to Cactus, roughly 1.5 terabytes of data were exfiltrated from Schneider Electric’s systems. The ransomware gang has published a small set of allegedly stolen data, including copies of passports and non-disclosure agreements, and is threatening to make it all public unless a ransom is paid.

Schneider Electric’s Sustainability Business provides sustainability consulting services to large organizations worldwide, including Clorox, DHL, Hilton, and PepsiCo. However, it is unclear how many of these clients were affected by the incident.

Active since at least March 2023, Cactus made headlines in November, when security operations firm Arctic Wolf blamed it for the exploitation of vulnerabilities in a product of business analytics firm Qlik.

It was also observed exploiting Fortinet VPN flaws for initial access, creating an SSH backdoor for persistence, relying on remote access tools, stealing credentials, and encrypting data on all accessible systems.

Cactus has been highly active in the recent months and is currently listing more than 100 companies on its leak site.

Advertisement. Scroll to continue reading.

Written By Ionut Arghire

Ionut Arghire is an international correspondent for SecurityWeek.

Latest News

CIEM Chat: How to Reduce Cloud Identity Risk

March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Virtual Event: Ransomware Resilience & Recovery Summit

April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. (Joshua Goldfarb)

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. (Etay Maor)

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. (Tom Eston)

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. (Marc Solomon)

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? (Joshua Goldfarb)

Cybercrime

Cyber Insights 2023 | Ransomware

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Kevin TownsendFebruary 2, 2023

Ransomware

SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Kevin TownsendJune 9, 2023

Cybercrime

Dish Network Says Outage Caused by Ransomware Attack

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Eduard KovacsMarch 1, 2023

Data Breaches

Sony Confirms Data Stolen in Two Recent Hacker Attacks

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.

Eduard KovacsOctober 5, 2023

Ransomware

GoAnywhere Zero-Day Attack Hits Major Orgs

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Ionut ArghireMarch 27, 2023

Data Breaches

Yum Brands Discloses Data Breach Following Ransomware Attack

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Ionut ArghireApril 11, 2023

Ransomware

Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Eduard KovacsNovember 16, 2023

Ransomware

Johnson Controls Hit by Ransomware

Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.

Eduard KovacsSeptember 29, 2023

SECURITYWEEK NETWORK:

ICS:

SecurityWeek

Ransomware

Cactus Ransomware Group Confirms Hacking Schneider Electric

More from Ionut Arghire

Latest News

Trending

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Related Content

Cybercrime

Cyber Insights 2023 | Ransomware

Ransomware

SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint

Cybercrime

Dish Network Says Outage Caused by Ransomware Attack

Data Breaches

Sony Confirms Data Stolen in Two Recent Hacker Attacks

Ransomware

GoAnywhere Zero-Day Attack Hits Major Orgs

Data Breaches

Yum Brands Discloses Data Breach Following Ransomware Attack

Ransomware

Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach

Ransomware

Johnson Controls Hit by Ransomware

SECURITYWEEK NETWORK:

ICS:

More from Ionut Arghire

Latest News

Trending

Daily Briefing Newsletter

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Related Content

Cybercrime

Cyber Insights 2023 | Ransomware

Ransomware

SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint

Cybercrime

Dish Network Says Outage Caused by Ransomware Attack

Data Breaches

Sony Confirms Data Stolen in Two Recent Hacker Attacks

Ransomware

GoAnywhere Zero-Day Attack Hits Major Orgs

Data Breaches

Yum Brands Discloses Data Breach Following Ransomware Attack

Ransomware

Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach

Ransomware

Johnson Controls Hit by Ransomware