Energy Giant Schneider Electric Hit by Cactus Ransomware Attack

Schneider Electric’s Sustainability Business division hit by Cactus ransomware attack. The incident highlights the growing threat to industrial organizations. Get the latest updates on impact and response.

Schneider Electric, a global leader in energy management and automation, has suffered a ransomware attack that impacted its Sustainability Business division. The attack, which occurred on January 17, 2024, involved the deployment of the Cactus ransomware, a strain known for targeting industrial organizations.

The Impact:

The attack primarily affected Schneider Electric’s EcoStruxure Resource Advisor platform, used by over 2,000 companies worldwide to monitor energy and resource data. While the full extent of the breach is still under investigation, it is confirmed that some data was accessed by the attackers. Fortunately, no other Schneider Electric divisions or business units were affected.

Schneider Electric’s Response:

According to a press release, the company immediately launched a global incident response, mobilizing its internal team and bringing in external cybersecurity experts to contain the attack and restore affected systems. Additionally, Schneider Electric is notifying customers who may have been impacted by the breach.

“On January 17th, 2024, a ransomware incident affected Schneider Electric’s Sustainability Business division. The attack has impacted Resource Advisor and other division-specific systems. Schneider Electric Global Incident Response team has been immediately mobilized to respond to the attack, contain the incident, and reinforce existing security measures. The Sustainability Business division has informed impacted customers.”

– Schneider Electric

Current Status and Potential Impact:

As of January 31, 2024, Schneider Electric is still working to restore full functionality to its systems. Most systems are expected to be back online within the next few days. However, the attack could potentially disrupt operations for some of Schneider Electric’s customers, and there is a risk that customer data may have been compromised.

Expert Opinions:

Cybersecurity experts have expressed concern about the growing trend of ransomware attacks targeting industrial organizations. They warn that such attacks can have significant consequences, disrupting critical infrastructure and potentially endangering public safety.

John Gallagher, Vice President of Viakoo Labs at Viakoo, said, “Whether for IoT, OT, or ICS systems, it has been a long-standing best practice to ensure these systems are on dedicated and isolated networks to prevent lateral movement if vulnerable IoT devices are breached. But this is not that situation; this is a business division and more like a fully separate company.”

John advised that “In addition to isolated or segmented networks, effective use of zero trust principles can also be effective in preventing lateral movement within an organization.”

“Using application-based discovery to identify all application, device, and port relationships can also be effective in setting up and maintaining an isolated network. Too often a network is properly configured and isolated, but over time both users and configuration drift can impact that segmentation and allow punch-throughs,” he added.
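An added example, not from the original article or from Viakoo: one way to check for the segmentation drift described above, by comparing observed application, device, and port relationships against an approved baseline. The segment names, address ranges, baseline rules, and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed segment plan; names and CIDRs are assumptions for illustration.
SEGMENTS = {
    "corp": ipaddress.ip_network("10.10.0.0/16"),
    "division": ipaddress.ip_network("10.20.0.0/16"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
}
# Approved cross-segment relationships: (source segment, destination segment, port).
BASELINE = {("corp", "division", 443), ("division", "ot", 8443), ("corp", "ot", 22)}
# Constructed flow records: (source IP, destination IP, destination port, application).
FLOWS = [
    ("10.10.4.21", "10.20.1.5", 443, "https"),
    ("10.10.4.21", "10.20.1.9", 3389, "rdp"),
    ("10.10.7.80", "10.20.1.9", 3389, "rdp"),
    ("10.20.1.5", "10.30.2.2", 8443, "https"),
    ("10.20.1.5", "10.20.1.9", 445, "smb"),      # same segment, ignored
    ("192.0.2.44", "10.30.2.2", 502, "modbus"),  # source outside every segment
]


def segment_of(ip):
    """Return the name of the segment containing ip, or 'unmapped'."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), "unmapped")


def audit(flows, baseline):
    """Return (punch_throughs, unused).
    punch_throughs maps each unapproved cross-segment relationship to the
    (source IP, application) pairs using it; unused is the set of approved
    relationships with no observed traffic, which are candidates for removal.
    """
    punch, seen = defaultdict(set), set()
    for src, dst, port, app in flows:
        rel = (segment_of(src), segment_of(dst), port)
        if rel[0] == rel[1]:
            continue  # intra-segment traffic is out of scope for this check
        seen.add(rel)
        if rel not in baseline:
            punch[rel].add((src, app))
    return dict(punch), baseline - seen


if __name__ == "__main__":
    punch, unused = audit(FLOWS, BASELINE)
    for rel, users in sorted(punch.items()):
        print("PUNCH-THROUGH", rel, sorted(users))
    print("UNUSED", sorted(unused))
```

Run on a schedule against flow exports, the first result surfaces new punch-throughs and the second surfaces approved rules that no longer carry traffic.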

Homepage of Cactus ransomware’s dark web domain – For now, there is no mention of Schneider Electric.

Key Takeaways:

  • Schneider Electric’s Sustainability Business division was hit by a ransomware attack on January 17, 2024.
  • The attack involved the Cactus ransomware strain and impacted the EcoStruxure Resource Advisor platform.
  • Some data was accessed by the attackers, but the full extent of the breach is still under investigation.
  • Schneider Electric is working to restore systems and notify impacted customers.
  • The attack is a reminder of the growing threat of ransomware targeting industrial organizations.