Cactus Ransomware Claims to Have Stolen 1.5TB from Schneider Electric Data Breach

Written by Gabby Lee

February 20, 2024


The Cactus ransomware group announced that they successfully infiltrated Schneider Electric’s network and seized approximately 1.5TB of data. As evidence, they have leaked 25MB of the allegedly stolen information on their dark web leak site.


The leaked data includes snapshots containing scanned passports of multiple American citizens, as well as non-disclosure agreement documents. The breach occurred on January 17th within Schneider Electric’s Sustainability Business division.

Schneider Electric Data Breach Compromises Personal and Compliance Related Information

The Cactus ransomware gang is currently engaging in extortion by demanding a ransom from Schneider Electric. They have threatened to release all the data they claim to have stolen if the ransom is not paid. The exact nature of the stolen data remains unknown at this time.

However, it is important to note that Schneider Electric’s Sustainability Business division offers renewable energy and regulatory compliance consulting services to prominent global companies such as Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart.

Considering the nature of Schneider Electric’s Sustainability Business division and its clients, the stolen data could contain sensitive information pertaining to customers’ industrial control and automation systems. The breach may also have compromised data related to compliance with environmental and energy regulations.

It is worth mentioning that Schneider Electric has previously been targeted by the Clop ransomware group, which stole data by exploiting the company's MOVEit platform in attacks that also affected over 2,700 other organizations.


Schneider Electric entry on Cactus leak site

Source (BleepingComputer)

Who is Cactus Ransomware?

The Cactus ransomware group is a relatively new operation that emerged in March 2023, specializing in double-extortion attacks. Their modus operandi involves breaching corporate networks through various means, such as using purchased credentials, collaborating with malware distributors, carrying out phishing attacks, or exploiting security vulnerabilities.

Once inside a target’s network, they navigate through the compromised infrastructure, all the while stealing sensitive data that they can later use as leverage during ransom negotiations.

Since their inception, the Cactus ransomware group has grown their data leak site to include over 100 companies. These threat actors have already leaked some of the stolen data online or are actively threatening to do so, even as they engage in ongoing ransom negotiations.
