Schneider Electric division responds to cybersecurity incident

Schneider Electric division responds to cybersecurity incident

Schneider Electric has been targeted by cybercriminals as part of a ransomware attack.

The attack impacted a division of Schneider Electric and affected customers have been notified.

A statement from the company said: “On January 17, 2024, a ransomware incident affected Schneider Electric Sustainability Business division. The attack has impacted Resource Advisor and other division specific systems.

“Schneider Electric Global Incident Response team has been immediately mobilized to respond to the attack, contain the incident and to reinforce existing security measures.”

The Sustainability Business division has informed impacted customers.

The statement continued: “From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment. Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days.

“From a containment standpoint, as Sustainability Business is an autonomous entity operating its isolated network infrastructure, no other entity within the Schneider Electric group has been affected.

“From an impact assessment standpoint, the on-going investigation shows that data has been accessed. As more information becomes available, the Sustainability Business division of Schneider Electric will continue the dialogue directly with its impacted customers and will continue to provide information and assistance as relevant.

“From a forensic analysis standpoint, the detailed analysis of the incident continues with leading cybersecurity firms and the Schneider Electric Global Incident Response team continuing to take additional actions based on its outcomes, working with relevant authorities.”

Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, said: “The attack on Schneider Electric follows a trend of cyberattacks against the energy sector. The energy sector is a popular target for ransomware due to playing a vital role in society’s daily functioning – disruption can have far-reaching consequences.

“The energy sector and other, similar Critical National Infrastructure (CNI) will continue to be a regular target for cyberattacks, especially with the current, heightened geopolitical tensions. In its Annual Review, the UK NCSC warned about the increasing threat towards CNI. Therefore, it’s essential that energy organisations invest in regular risk assessments and advanced security measures to minimise their attack surface.”

Browse our latest issue

Intelligent CISO

View Magazine Archive