Cyber Incident Victim: Schneider Electric
Date: Aug 2018
Location: United States of America
Summary
Schneider Electric discovered malware on USB drives shipped with certain solar energy monitoring products, including the Conext ComBox and Conext Battery Monitor, stemming from contamination during manufacturing at a third-party supplier. The infected drives contained non-essential documentation and utilities but posed no risk to the products' core functionality or security. While most antivirus software could detect the malware, the company advised customers to discard the compromised drives and scan affected systems, highlighting this incident as part of broader supply chain attack patterns.
Description
Schneider Electric identified a malware incident involving USB drives shipped with specific solar energy products in late August 2018. The company discovered malicious code pre-installed on USB drives accompanying all versions of its Conext ComBox (SKU 865-1058) and Conext Battery Monitor (SKU 865-1080-01) devices. These drives were distributed as standard accessories with the products, which served critical roles in solar energy monitoring – the ComBox facilitated communications for solar system operators, while the Battery Monitor tracked battery runtime and charge status. Investigation revealed the contamination occurred during manufacturing at a third-party supplier facility before shipment. Schneider publicly confirmed the compromise on September 7, 2018, explicitly stating the malware exposure originated from this third-party production environment. The infected drives contained user documentation and supplementary software utilities deemed non-essential for core product operation.

The company confirmed the malware was detectable by mainstream antivirus solutions but advised customers to immediately dispose of affected USB drives rather than attempt disinfection. Technical analysis determined no impact on the functionality or security of the primary Conext hardware products themselves. Schneider emphasized that operational systems remained uncompromised since the drives served only auxiliary purposes. Customers who had connected the contaminated drives to their systems were instructed to perform comprehensive antivirus scans. This incident represented a supply chain compromise rather than a direct breach of Schneider's infrastructure, highlighting vulnerabilities in third-party manufacturing processes. The event occurred amid increasing industry awareness of supply chain attack vectors targeting hardware distribution channels.
