HomeCII/OTSchneider Electric Hit by 'Cactus' Ransomware

Schneider Electric Hit by ‘Cactus’ Ransomware

Published on

spot_img

Schneider Electric, a global leader in industrial manufacturing, has become the latest victim of a cyberattack which targeted its Sustainability Business division. The attack has been attributed to a rising ransomware operation known as “Cactus,” a relatively young yet prolific group that has been claiming double-digit victims nearly every month since last July, as reported by NCC Group to Dark Reading.

The industrial giant, which specializes in equipment for industrial automation and control systems, building automation, energy storage, and more, has released a press statement confirming that the damage from the breach was limited to its sustainability division. The division provides software and consulting services to enterprises and does not impact any safety-critical systems, according to Dark Reading.

The attack was entirely limited to platforms and operations associated with its Sustainability division because it operates as an autonomous entity with isolated network infrastructure, the company explained. Despite this, Schneider Electric has not yet revealed the scope of data which may have been lost to its attackers but did acknowledge that one affected platform was Resource Advisor, which helps organizations track and manage their ESG, energy, and sustainability-related data. It has already informed affected customers, and the company expects business operations to return to normal by the end of January.

However, the potential repercussions of the attack are still a cause for concern, especially since Schneider Sustainability serves a broad swath of organizations in more than 100 countries, including 30% of the Fortune 500, as of 2021, according to Business Wire. Given the number of potentially impacted customers, it remains to be seen how the company will address any ransom demand from the Cactus ransomware gang.

Cactus ransomware, which first arrived on the scene last March, has rapidly become one of the planet’s most prolific threat actors. According to data from NCC Group, Cactus has claimed over 100 victims spanning 16 industries since its inception. Its success is not due to any discernible technical prowess but rather to its reliance on known vulnerabilities and off-the-shelf software, as pointed out by Vlad Pasca, senior malware and threat analyst for SecurityScorecard.

Pasca noted that initial access is achieved using Fortinet VPN vulnerabilities, and then tools like SoftPerfect Network Scanner and PowerShell are used to enumerate the hosts in the network and perform lateral movement. This banal approach to cyberattacks serves as a reminder that even organizations with substantial cybersecurity budgets may still be impacted due to basic vulnerabilities, as highlighted by Schneider Electric’s story.

In the wake of this cyberattack, Schneider Electric will need to employ robust security measures to secure its systems and prevent future attacks. The company’s response to this incident will undoubtedly influence the cybersecurity strategies of other organizations working with Schneider Electric. With ransomware threats becoming more sophisticated and widespread, it is imperative that businesses remain vigilant and proactive in safeguarding their digital infrastructure against such attacks.

Source link

Latest articles

Top 10 Firewall Solutions Raising Cybersecurity Standards in 2026

The firewall category is rapidly transforming, marking the most significant evolution since the introduction...

When AI Acquires a Physical Form, It Inherits an Attack Surface

Embodied artificial intelligence (AI) constructs a bridge between the digital and physical realms by...

CISA Calls for Immediate Hardening of SharePoint Amid Rising Exploits

Understanding the Impact of Vulnerabilities in Cybersecurity In today’s rapidly evolving digital landscape, the distinction...

Single Prompt Empowers ChatGPT to Perform Complete Cyber-Attack Sequence

In a recent study, cybersecurity researchers from Cato Networks highlighted a significant concern about...

More like this

Top 10 Firewall Solutions Raising Cybersecurity Standards in 2026

The firewall category is rapidly transforming, marking the most significant evolution since the introduction...

When AI Acquires a Physical Form, It Inherits an Attack Surface

Embodied artificial intelligence (AI) constructs a bridge between the digital and physical realms by...

CISA Calls for Immediate Hardening of SharePoint Amid Rising Exploits

Understanding the Impact of Vulnerabilities in Cybersecurity In today’s rapidly evolving digital landscape, the distinction...