Schneider Electric, a French multinational company that manufactures energy and automation products, has confirmed a breach of its developer platform. The company stated that a threat actor gained unauthorized access to one of its internal project execution tracking platforms.
According to the company, “Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.”
Over the weekend, a threat actor known as “Grep” claimed responsibility for breaching Schneider Electric’s systems. Grep stated that they accessed the Jira server using exposed credentials and then used a MiniOrange REST API to scrape 400,000 rows of user data.
This data reportedly includes 75,000 unique email addresses and full names of Schneider Electric employees and customers.
Schneider Electric breach details emerge
In a post to a dark web site, Grep humorously demanded $125,000 in “Baguettes” not to leak the data.
The post reads, “This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB Compressed Data.”
The threat actor also mentioned they formed a new hacking group called the International Contract Agency (ICA), named after the game Hitman: Codename 47. This group initially avoided extortion but rebranded as the Hellcat ransomware gang after learning that “ICA” was associated with a group of Islamic terrorists. Hellcat is currently developing an encryptor for future extortion attacks.
Grep stated that they are demanding $125,000 not to leak the stolen data, with the amount reduced by half if an official statement is released.
Earlier this year, Schneider Electric’s “Sustainability Business” division was also targeted by threat actors who claimed to have stolen terabytes of data. The situation remains dynamic, and it is unclear whether Schneider Electric will meet the ransom demands or publicly disclose further details about the breach.