Cactus Ransomware Targets Schneider Electric, Allegedly Exfiltrating 1.5TB of Data

by | Feb 20, 2024 | News





Schneider Electric, a prominent energy management and automation corporation, finds itself embroiled in a cybersecurity crisis following a breach by the notorious Cactus ransomware gang. The group claims to have infiltrated Schneider Electric’s network last month, stealing a staggering 1.5 terabytes of data.

Initial reports by BleepingComputer unveiled the breach, revealing that the Cactus ransomware gang gained access to Schneider Electric’s Sustainability Business division on January 17th. The threat actors are now holding the company to ransom, threatening to release all purportedly stolen data unless a ransom demand is met.

While the precise nature of the compromised data remains undisclosed, Schneider Electric’s Sustainability Business division is renowned for providing renewable energy and regulatory compliance consulting services to prestigious clients such as Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart. Consequently, the breached systems may contain sensitive information concerning customers’ industrial control and automation systems, as well as details pertaining to environmental and energy regulations compliance.


Schneider Electric, a French multinational corporation with over 150,000 employees worldwide, reported a revenue of $28.5 billion in 2023. This is not the first time the company has grappled with ransomware threats; previously, it fell victim to Clop ransomware’s MOVEit data theft attacks, which impacted over 2,700 other organizations.

Schneider Electric entry on Cactus leak site (BleepingComputer)

Cactus ransomware, a relatively recent entrant into the cyber threat landscape that emerged in March 2023, specializes in double-extortion attacks. The group infiltrates corporate networks using various tactics, such as purchased credentials, partnerships with malware distributors, phishing campaigns, and security vulnerability exploitation. Once inside, the attackers move laterally and exfiltrate sensitive data to wield as leverage during ransom negotiations.




Since its emergence, the Cactus ransomware gang has expanded its victim roster, amassing over 100 companies on its data leak site. With a penchant for online data exposure and ongoing ransom negotiations, the threat actors continue to sow chaos in the cybersecurity world.


Source: bleepingcomputer.com
