Cactus ransomware claim to steal 1.5TB of Schneider Electric data

The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.
25MB of allegedly stolen were also leaked on the operation's dark web leak site today as proof of the threat actor's claims, together with snapshots showing several American citizens' passports and non-disclosure agreement document scans.
As BleepingComputer first reported, the ransomware group gained access to the energy management and automation giant's Sustainability Business division on January 17th. The gang is now extorting the company, threatening to leak all the allegedly stolen data if a ransom demand is not paid.
It is currently unknown what specific data was stolen, but Schneider Electric's Sustainability Business division provides renewable energy and regulatory compliance consulting services to many high-profile companies worldwide, including Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart.
Given this, the data stolen from its compromised systems could include sensitive information about customers' industrial control and automation systems and information about environmental and energy regulations compliance.
Schneider Electric is a French energy and automation manufacturing multinational that employs over 150,000 people worldwide.
The company reported a $28.5 billion revenue in 2023 and previously fell victim to Clop ransomware's MOVEit data theft attacks that impacted more than 2,700 other organizations.
Cactus ransomware is a relatively new operation that surfaced in March 2023 with double-extortion attacks.
Its operators breach corporate networks using purchased credentials, partnerships with various malware distributors, phishing attacks, or exploiting security vulnerabilities.
After gaining access to a target's network, they move laterally through the compromised network while stealing sensitive data to use as leverage in ransom negotiations.
Since its emergence, the Cactus ransomware has added over 100 companies to its data leak site.
The threat actors have already leaked some data online or are threatening to do so while still negotiating a ransom.
Energy giant Schneider Electric hit by Cactus ransomware attack.
LockBit claims ransomware attack on Fulton County, Georgia.
MGM Resorts ransomware attack led to $100 million loss, data theft.
ALPHV ransomware claims loanDepot, Prudential Financial breaches.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 19 Feb 2024 19:40:15 +0000


Cyber News related to Cactus ransomware claim to steal 1.5TB of Schneider Electric data

Energy giant Schneider Electric hit by Cactus ransomware attack - Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. BleepingComputer has learned that the ransomware attack hit the ...
10 months ago Bleepingcomputer.com
Cactus ransomware claim to steal 1.5TB of Schneider Electric data - The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month. 25MB of allegedly stolen were also leaked on the operation's dark web leak site today as proof of the threat actor's ...
9 months ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Schneider Electric confirms ransomware attack on sustainability division - French multinational Schneider Electric said its Sustainability Business division suffered from a ransomware attack earlier this month. Schneider Electric said they have confirmed that data was accessed by the hackers. Bleeping Computer, which first ...
10 months ago Therecord.media
CVE-2022-25155 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
CVE-2022-25157 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
'Cactus' Ransomware Strikes Schneider Electric - Schneider Electric is a world leader in industrial manufacturing, be it equipment for industrial automation and control systems, building automation, energy storage, and more. According to a press release from the industrial giant, the damage from ...
10 months ago Darkreading.com
CVE-2022-25158 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-25156 - Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric ...
1 year ago
CVE-2021-20609 - Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
2 years ago
CVE-2021-20610 - Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions ...
2 years ago
CVE-2021-20611 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
2 years ago
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
10 months ago Bleepingcomputer.com
Cactus ransomware exploiting Qlik Sense flaws to breach networks - Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. Qlik Sense supports multiple data sources and allows users to create custom data reports or ...
1 year ago Bleepingcomputer.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
CVE-2022-25159 - Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, ...
2 years ago
CVE-2022-25160 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
8 months ago Bleepingcomputer.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
10 months ago Securityboulevard.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
11 months ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
10 months ago Unit42.paloaltonetworks.com
Cisco and Schneider Electric Are Creating Smarter, More Efficient Buildings - Whether your organization owns commercial property, leases it, or manages it, you're likely to be grappling with industry trends and challenges that call on your best efforts-and the innovative application of technology. The need to reduce energy ...
10 months ago Feedpress.me
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
10 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)