Schneider Electric Sustainability Business Hit by Cactus Ransomware Gang

January 17, 2024

Schneider Electric confirmed a ransomware attack that affected its Sustainability Business division. The attack disrupted parts of Schneider Electric’s EcoStruxure Resource Advisor cloud platform. The Cactus ransomware gang claims to have stolen 1.5TB of data. 25MB of allegedly stolen data was also leaked on the operation’s dark web leak site today as proof of the threat actor’s claims. It is not known whether Schneider Electric will pay the ransom demand.

At a recent PASA Connect roundtable event, three of the 13 Chief Product Officers in attendance confirmed minor issues related to the incident.

Wannacry Affects Operations at Several Renault Plants

May 12, 2017

A global cyberattack caused widespread disruption, including stoppages at several Renault-Nissan sites. Renault and its Japanese partner are the only major car manufacturers so far to have reported production problems resulting from Friday’s WannaCry ransomware worm attack, which spread to more than 150 countries.

The cyber attack halted or reduced the output of at least five Renault sites over the weekend. Besides Douai, they included a van plant in Sandouville, France; a small-car plant in Slovenia; the no-frills Dacia plant in Pitesti, Romania; and a factory shared with Nissan in Chennai, India.

Ransomware Attack on Thousands of VMware ESXi Servers

February 3, 2023

A vast ransomware infection campaign hits VMware ESXi servers around the world on February 3. The scale suggests an automated operation.

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy a new ESXiArgs ransomware. Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated threat actors in low-complexity attacks.

While the threat actors behind this attack claim to have stolen data, one victim reported in the BleepingComputer forums that it was not the case in their incident. Victims have also found ransom notes named “ransom.html” and “How to Restore Your Files.html” on locked systems. Others said that their notes are plaintext files.

Renewable Energy Company hep global Target of Cyberattack

June 5, 2023

hep global GmbH recently became the target of a cyber attack. This was detected immediately. Cooperating closely with authorities and external IT security experts, hep was able to ensure business continuity. The investigation into the cyber attack is still ongoing.

The Darkrace ransomware group has claimed responsibility for the hep global data breach, listing the German renewable energy company as its latest victim.

Schneider Hit In MOVEit Transfer Zero Day

May 30, 2023

Schneider Electric suffered a cyberattack from the Clop ransomware group.

“On May 30th, 2023, Schneider Electric became aware of vulnerabilities impacting Progress MOVEit Transfer software,” the company said in a statement. “Subsequently, on June 26th, 2023, Schneider Electric was made aware of a claim mentioning that we have been the victim of a cyberattack relative to MOVEit vulnerabilities,” the company said. “Our cybersecurity team is currently investigating this claim as well.”

No further information was released at this time.

Siemens Energy AG Confirms Ransomware Attack

June 27, 2023

The Cl0p ransomware group claimed the cyber attack on Siemens Energy and four other organizations, including Schneider Electric and the University of California Los Angeles.

Siemens Energy spokesperson, Claudia Nehring, stated, “Regarding the global data security incident, Siemens Energy is among the targets. Based on the current analysis, no critical data has been compromised and our operations have not been affected. We took immediate action when we learned about the incident.”

Siemens Energy’s in-house ProductCERT team has not released any statements or updates regarding the alleged cyber attack. The team is responsible for handling all security-related matters pertaining to the company’s products, solutions, and services.

Cl0p listed Siemens Energy on their data leak site. The group has been wreaking havoc on various organizations in recent weeks.


Major Airlines Affected in Massive Supply Chain Attack at Technology Giant SITA

February 24, 2021

SITA, an airline technology and communication provider that operates passenger processing systems for airlines, was the victim of a cyber-attack involving passenger data. SITA serves 90% of the world’s airlines and disclosed that among the airlines affected were various major airlines including Air India, Finnair, Japan Airlines, Jeju Air, Lufthansa, Malaysia Airlines, Singapore Airlines and Cathay Pacific.

Singapore Airlines reported that 580,000 of its frequent flyer members were compromised in the attack and Air India estimated that personal data relating to 4.5 million of its passengers was stolen.

Entire System of Global Energy Provider ista International Hacked in Two Days

August 1, 2022

ista International GmbH announced a cyber attack on its website. All affected IT systems were initially taken offline, resulting in various functions and services being unavailable. The company’s customer portal and email functionality are switched off. ista asks to refrain from contacting them. “We will inform them immediately via our website when the contact options are available again ... you will temporarily be limited or unable to use certain functions and services.”

ista describes the company: “... we already have 400,000 gateways in use for our customers that link over 25 million connected devices to each other”. Daixin Team states they went through one of those gateways and took control of the entire system in two days.

ista International takes care of about 30 million networked devices in 22 countries in the field of sub-metering.


Global Airline Technology Provider Accelya Hacked by AlphV/Black Cat

August 23, 2022

Accelya, a technology provider for many of the world’s largest airlines, said it recently dealt with a ransomware attack impacting some of its systems.

Accelya provides services to Delta, British Airways, JetBlue, United, Virgin Atlantic, American Airlines and many more. The company confirmed Tuesday that company data was posted on a ransomware leak site. The AlphV/Black Cat ransomware group published data it allegedly stole from Accelya last Thursday. The group claimed to have stolen emails, worker contracts and more.

Nivea’s parent company, Beiersdorf, Target of NotPetya Attack

June 27, 2017

German skin care company Beiersdorf said it was a “target” of the cyberattack, which affected its IT and telephone systems. The firm’s headquarters in Hamburg, as well as its affiliates around the world, were affected. While Beiersdorf expects sales worth roughly €35 million ($41 million) to be shifted from the second quarter to the third, the company does not expect a material impact on its profits for this year.
