Schneider Electric, a French multinational company, has confirmed a breach of its developer platform after a hacker claimed to have stolen 40GB of data from the company’s JIRA server. The hacker, known as “Grep” on X, said they gained access to the server using exposed credentials. They claimed to have used a MiniOrange REST API to scrape 400,000 rows of user data, including 75,000 unique email addresses and full names of Schneider Electric employees and customers.
In a post on a dark web site, the hacker jokingly demanded $125,000 in “Baguettes” to not leak the data. They shared more details about what was stolen, stating, “This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB of compressed data.”
Grep mentioned they recently formed a new hacking group called the International Contract Agency (ICA), named after the Hitman: Codename 47 game. However, after learning that the “ICA” name is associated with a “group of Islamic terrorists,” the hackers rebranded as the Hellcat ransomware gang.
They are currently testing an encryptor to be used in extortion attacks.
Schneider Electric breach details emerge
Schneider Electric told reporters, “Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment.
Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.”
This is not the first time Schneider Electric has been targeted by hackers. Earlier this year, the company’s “Sustainability Business” division was reportedly breached, with the threat actors claiming to have stolen terabytes of data.
The Hellcat gang’s demand for payment in baguettes appears to be a marketing tactic to stand out in the crowded ransomware market. They later clarified that they would accept payment in Monero, a cryptocurrency widely used by cybercriminals due to its privacy features. Schneider Electric has not made any further public comments beyond confirming the breach and stating that an investigation is ongoing.
The situation remains unresolved as the company works to address the incident and protect its sensitive data.
