Cactus Ransomware Strikes Schneider Electric

Published: 23/11/2024   Category: security


Schneider's Sustainability division, which provides software and consulting services to enterprises, was felled by cybercriminals in mid-January.



Schneider Electric has fallen victim to a cyberattack affecting its Sustainability Business division, and reports thus far have attributed it to a rising ransomware operation called Cactus.
Schneider Electric is a world leader in industrial manufacturing, producing equipment for industrial automation and control systems, building automation, energy storage, and more.
According to a press release from the industrial giant, the damage from its Jan. 17 breach was limited to only its sustainability division, which provides software and consulting services to enterprises, and affected no safety-critical systems.
Still, the company faces potential repercussions if its clients' business data gets leaked. According to Bleeping Computer, the Cactus ransomware gang — a relatively young yet prolific group — has claimed the attack. (When Dark Reading reached out to Schneider Electric for corroboration, the company neither confirmed nor denied this attribution.)
Schneider Electric has not yet revealed the scope of data which may have been lost to its attackers, but did acknowledge one affected platform: Resource Advisor, which helps organizations track and manage their ESG, energy, and sustainability-related data. 
The attack was entirely limited to platforms and operations associated with its Sustainability division because, the company explained, it is an autonomous entity operating its isolated network infrastructure.
The company also noted that it has already informed affected customers, and it expects business operations to return to normal by Jan. 31.
But that may not be the end of the story, since Schneider Sustainability serves a broad swath of organizations in more than 100 countries, including 30% of the Fortune 500, as of 2021. Having so many potentially impacted customers may bear on how the company addresses a ransom demand.
Cactus isn't even a year old yet, having first arrived on the ransomware scene last March. Already, though, it is one of the planet's most prolific threat actors.
According to data from NCC Group, shared with Dark Reading via email, Cactus has been claiming double-digit victims nearly every month since last July. Its busiest stretches thus far have been September, when it took 33 scalps, and December, with 29 scalps, making it the second busiest group during that period, behind only LockBit. Its 100 or so victims have thus far spanned 16 industries, most commonly the automotive sector, construction and engineering, and software and IT.
But it isn't for any discernible technical reason that it has achieved so much so fast, says Vlad Pasca, senior malware and threat analyst for SecurityScorecard, who wrote a whitepaper about the group last fall. In general, Cactus just relies on known vulnerabilities and off-the-shelf software.
"Initial access is achieved using Fortinet VPN vulnerabilities, and then they use tools like SoftPerfect Network Scanner and PowerShell to enumerate the hosts in the network, and perform some lateral movement," Pasca says. Perhaps, he suggests, Cactus' banality is the lesson to take away from Schneider Electric's story — that even if you have a big budget for cybersecurity, you might still be impacted because of such basic vulnerabilities.
