Representatives of the Cactus ransomware group allege they exfiltrated 1.5 TB of data from Schneider Electric following a network intrusion last month. To substantiate their claims, the hackers released 25 MB of purportedly pilfered data on the darknet, showcasing passport photos of several American citizens and scans of non-disclosure agreements.
It was revealed in January 2024 that Schneider Electric had suffered a cyberattack. Reports indicated that the breach impacted the company’s sustainability division, which offers consultancy services on renewable energy and assists organizations in complying with intricate climate regulatory mandates globally. Experts initially suggested that the cybercriminals exfiltrated multiple terabytes of corporate data.
This assertion now gains credibility as Cactus group members have started to disclose the purloined data, coercing Schneider Electric into paying a ransom to prevent the complete disclosure of the stolen information online.
It remains uncertain which specific files were compromised. Speculation suggests that the stolen data could encompass sensitive details about customer electricity usage, automated control systems, and adherence to environmental and energy standards.