Schneider Electric confirms data access in ransomware attack


Energy company Schneider Electric has revealed it was the victim of a ransomware attack, leading to data from its Sustainability Business division being accessed.

Ransomware group Cactus reportedly claimed responsibility for the attack, allegedly stealing terabytes of corporate data in the process.

The company said the incident occurred on January 17, 2024, and its incident response team worked to respond and contain the attack.

Schneider has notified affected customers of the breach. Clients of its sustainability business consulting arm include major brands such as Hilton, Pepsico and Walmart.

Currently, it is unclear what information was accessed during the incident.

Schneider said: “The ongoing investigation shows that data was accessed. As more information becomes available, Schneider Electric’s Sustainability Business division will continue to engage directly with its affected customers and continue to provide information and support as necessary.

A number of division-specific systems were taken offline following the attack, including Resource Advisor.

In the update On January 29, Schneider said its global incident response team was carrying out remedial actions to safely restore its systems. The company expects access to its trading platforms to resume within the next two business days.

The energy giant has confirmed that no other entities within the Schneider Electric group have been affected, with its sustainability business being a standalone entity operating in an isolated network infrastructure.

The investigation into the incident continues, with Schneider working with cybersecurity companies and “relevant authorities” to obtain a detailed analysis.

Critical infrastructure under threat

Stephen Robinson, senior threat intelligence analyst at WithSecure, noted that Schneider was a victim of LockBit’s MOVEit ransomware campaign in 2023, and it is concerning that the company was compromised again so soon after.

“Energy companies hold huge amounts of personal data that not only has value on the dark web, but also provides excellent leverage for cyber attackers when demanding ransom,” he said.

Darren Williams, CEO and founder of BlackFog, noted that this incident, which potentially involves the theft of data from large companies, could have a considerable impact.

“In particular, the energy sector is a prime target due to its potentially lucrative rewards for success, and the maximum chaos caused by its broad public reach. Naturally, with high-profile clients like Hilton and PepsiCo, Schneider Electric fits the bill,” Williams said.

Among the top energy companies hit by ransomware attacks in 2023 Tata Power, Suncor Energy And Energy One.

As of December 2023, SecurityScorecard data revealed that 90% of the world’s largest energy companies have suffered a supply chain data breach in the last 12 months.

Earlier in January, two major water suppliers, Southern Water in the United Kingdom and the North American subsidiary of Veolia Water, revealed they had been hit by ransomware attacks leading to access to personal data.

The increasingly active Cactus group

Robinson noted that the Cactus Group, which claimed to have compromised Schneider, had been increasingly active in recent months.

“This is a multi-point extortion group that first emerged in March 2023, and their TTPs follow the standard ransomware playbook, using well-known tools and methods,” he said. explain.

“During several of their early attacks in 2023, Cactus gained access to victims’ networks through vulnerable VPN gateways, often Fortinet VPN instances,” Robinson added.

Image credit: Poetra.RH /

Leave a comment