Schneider Electric’s Sustainability Business division is contending with a ransomware attack that has extended to a data breach, according to an announcement by the French industrial giant. The incident was limited to the Sustainability Business division, which operates on an isolated network infrastructure, and has affected systems such as Resource Advisor. Schneider Electric expects business operations to return to normal within two days, but ongoing investigations indicate that the attackers may have accessed data, including customer information. The Cactus ransomware group is suspected to be responsible, though the group has not yet listed Schneider Electric on its Tor-based leak website. The incident represents another cybersecurity challenge for Schneider Electric, following a previous attack in the Cl0p gang’s MOVEit campaign.
The cybersecurity incident was discovered on January 17, and Schneider Electric’s investigation is still in progress. Although the Cactus group’s leak website offers no confirmation, reports suggest the group’s involvement. Cactus ransomware has been active since at least March 2023 and has 86 alleged victims as of the latest data. In November, the group gained attention when it exploited vulnerabilities in a product by business analytics firm Qlik during an attempted deployment of Cactus ransomware on compromised systems. This incident underscores the persistent threats faced by major corporations, with Schneider Electric having been targeted in the past by the Cl0p gang’s extensive MOVEit attack campaign.
The security breach adds to the challenges Schneider Electric has faced in the realm of cybersecurity, raising concerns about the protection of sensitive information and customer data. The incident emphasizes the need for robust cybersecurity measures, particularly for entities operating in critical infrastructure sectors. Schneider Electric’s proactive response to the incident and efforts to restore normal operations within a short timeframe underscore the urgency and resilience required to address and recover from cybersecurity threats in the modern digital landscape.