cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Schneider Electric hit by Cactus Ransomware cyber attack

Global energy company Schneider Electric has disclosed a ransomware attack that affected its sustainability division, affecting a number of systems.

user icon Daniel Croft
Tue, 30 Jan 2024
Schneider Electric hit by Cactus ransomware cyber attack
expand image

The French multinational, which operates in Australia and other countries, said yesterday (29 January 2024) that the attack occurred on 17 January 2024, affecting the company’s “Sustainability Business” division.

A number of systems, including the company’s Resource Advisor, were affected by the attack. Schneider Electric has said that it has informed affected customers and launched its global incident response team to bolster its security measures and contain the incident.

It added that the incident was limited to only its Sustainability Business division and that no other entities were affected. It also said that operations and “access to business platforms” would return to normal in “the next two business days” at the time of its post.


Schneider has broken down the response into four key parts – recovery, containment, impact assessment, and forensic analysis.

“From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment,” the company wrote.

“Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days.

“From a containment standpoint, as Sustainability Business is an autonomous entity operating its isolated network infrastructure, no other entity within the Schneider Electric group has been affected.

“From an impact assessment standpoint, the ongoing investigation shows that data have been accessed. As more information becomes available, the Sustainability Business division of Schneider Electric will continue the dialogue directly with its impacted customers and will continue to provide information and assistance as relevant.

“From a forensic analysis standpoint, the detailed analysis of the incident continues with leading cyber security firms and the Schneider Electric global incident response team continuing to take additional actions based on its outcomes, working with relevant authorities.”

While the company did not disclose the name of the attack nor the nature of the attack beyond being a ransomware incident, threat feeds observed by Cyber Daily have suggested that the Cactus Ransomware group is behind the incident.

However, upon further investigation by Cyber Daily, Cactus has yet to list Schneider Electric on its leak site and has not said anything regarding the incident.

Cactus Ransomware first appeared in March 2023 and is known for its double-extortion methods, both encrypting and threatening to publish accessed data.

It is also known for gaining initial access to company systems through the exploitation of VPN vulnerabilities before deploying its SSH backdoor, which allows for not only unauthorised access but also continuous presence under the radar.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.