Cactus Ransomware in France

12369303100?profile=RESIZE_400xFrench multinational Schneider Electric is reporting that its Sustainability Business division suffered from a ransomware attack earlier this month.  The company confirmed the incident in a statement this week that the attack affected its Resource Advisory product, a data visualization tool for sustainability information, as well as other “division specific systems.”

Schneider Electric said that data was accessed by the hackers.[1]  Bleeping Computer, which first reported the incident, said the Cactus ransomware gang is behind the attack.  “Schneider Electric Global Incident Response team has been immediately mobilized to respond to the attack, contain the incident, and to reinforce existing security measures.  The Sustainability Business division has informed impacted customers,” the company said.  “From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment.  Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days.”

The company noted that Sustainability Business is an autonomous entity operating on an isolated network infrastructure and no other Schneider Electric divisions were affected.  Cybersecurity firms have been hired to investigate the incident.

Schneider Electric, which reported a revenue of more than $37 billion in 2022, did not respond to requests for comment about whether the Cactus ransomware group was responsible for the attack, which took place on 17 January.

Microsoft warned of the Cactus ransomware in December 2023, explaining that the group was using online advertisements to infect victims.  Incident response firm Dragos also said it is increasingly seeing Cactus ransomware used in attacks on industrial organizations, impacting manufacturing and ICS equipment and engineering sectors.

The group emerged in March 2023 but “appears to be run by skilled, experienced hackers,” ransomware expert Allan Liska told Recorded Future News in December.  The gang took credit for an attack on Coop, one of Sweden's largest supermarket chains, around New Years.


Schneider Electric dealt with data theft by a ransomware gang last year, when the Clop ransomware group stole information from the company using a vulnerability in popular file transfer tool MOVEit.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  Call for assistance.  For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or   

Weekly Cyber Intelligence Briefings:




Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings


E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!