Scrape Timestamp (UTC): 2024-02-19 19:39:36.655
Cactus ransomware claims to have stolen 1.5TB of Schneider Electric data

The Cactus ransomware gang claims it stole 1.5TB of data from Schneider Electric after breaching the company's network last month. 25MB of the allegedly stolen data was also leaked on the operation's dark web leak site today as proof of the threat actor's claims, together with snapshots showing several American citizens' passports and scans of non-disclosure agreement documents.

As BleepingComputer first reported, the ransomware group gained access to the energy management and automation giant's Sustainability Business division on January 17th. The gang is now extorting the company, threatening to leak all the allegedly stolen data if a ransom demand is not paid.

It is currently unknown what specific data was stolen, but Schneider Electric's Sustainability Business division provides renewable energy and regulatory compliance consulting services to many high-profile companies worldwide, including Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart. Given this, the data stolen from its compromised systems could include sensitive information about customers' industrial control and automation systems, as well as information about their environmental and energy regulatory compliance.

Schneider Electric is a French energy and automation manufacturing multinational that employs over 150,000 people worldwide. The company reported $28.5 billion in revenue in 2023 and previously fell victim to the Clop ransomware gang's MOVEit data theft attacks, which impacted more than 2,700 other organizations.

Cactus ransomware is a relatively new operation that surfaced in March 2023 with double-extortion attacks. Its operators breach corporate networks using purchased credentials, partnerships with various malware distributors, phishing attacks, or exploitation of security vulnerabilities.
After gaining access to a target's network, they move laterally through the compromised network while stealing sensitive data to use as leverage in ransom negotiations. Since its emergence, the Cactus ransomware has added over 100 companies to its data leak site. The threat actors have already leaked some data online or are threatening to do so while still negotiating a ransom.
Daily Brief Summary
Schneider Electric's network was breached, and 1.5TB of data allegedly stolen by the Cactus ransomware gang.
The ransomware group leaked 25MB of data on their dark web site, including American passports and non-disclosure agreements.
The attack occurred on January 17th, impacting Schneider Electric's Sustainability Business division.
Schneider Electric provides consulting services to high-profile clients; stolen data may include sensitive information on industrial control systems and compliance.
The company has over 150,000 employees and reported $28.5 billion in revenue for 2023.
Cactus ransomware utilizes double-extortion tactics and has been active since March 2023.
The group uses purchased credentials, malware distribution partnerships, phishing, and exploiting vulnerabilities to access networks and steal data.
Over 100 companies have been added to the Cactus ransomware's data leak site, where the threat actors leak data or use it to extort ransom payments.