The attack, which occurred in mid-January, resulted in the theft of terabytes of data.
This is a case of the Cactus ransomware gang, first observed in March 2023, which likes to gain access using purchased credentials, phishing, malware distribution and even just exploiting vulnerabilities. They are attempting to extort payment leveraging the terabytes of data exfiltrated from Schneider Electric. The exfiltrated data appears to be relating to their customer's power utilization, ICS and automation systems, and compliance with environment and energy regulations. Customers include Walmart, PepsiCo, Lexmark, PepsiCo, DuPont, Clorox and DHL.