Schneider Electric, a leading French multinational in energy and automation solutions, has confirmed that a cybersecurity incident involving unauthorized access occurred on one of its internal project tracking platforms. The breach reportedly led to the theft of sensitive data, as a hacker claimed to have stolen over 40GB of information from the company’s JIRA server, including project details, user data, and email addresses.
Statement from Schneider Electric
In an official response shared with BleepingComputer, Schneider Electric acknowledged the breach, stating that it is investigating the cybersecurity incident and has mobilized its Global Incident Response team. The company emphasized that the compromised platform was hosted within an isolated environment and reassured that its core products and services remain unaffected by this breach.
“Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected,” Schneider Electric confirmed.
How the Breach Happened
The threat actor behind this breach, known online as "Grep," claims to have exploited exposed credentials to access Schneider Electric’s Jira server. Once inside, Grep reportedly leveraged a MiniOrange REST API to scrape a large volume of data—approximately 400,000 rows—which included sensitive user information, with 75,000 unique email addresses and full names of employees and customers.
The Hacker's Demands and Intentions
Grep, representing a newly-formed group called the Hellcat ransomware gang (formerly "International Contract Agency"), has taunted Schneider Electric on social media, sharing details of the data they claim to have stolen. The threat actor jokingly demanded $125,000 in a post on a dark web extortion site, referring to the ransom as payment in "Baguettes." Grep further specified that they are willing to settle for half the amount if Schneider Electric releases an official statement about the breach.
According to BleepingComputer, Grep has recently rebranded their hacking group as Hellcat ransomware after learning that their previous group name, "ICA," was associated with a different group. The Hellcat gang is reportedly in the early stages of testing an encryptor to carry out ransomware-based extortion attacks.
Context of Prior Incidents
This incident follows another cybersecurity breach at Schneider Electric earlier this year, in which the company’s "Sustainability Business" division was reportedly hit by a Cactus ransomware attack. During that incident, threat actors claimed to have stolen terabytes of data, indicating that Schneider Electric may be facing a consistent challenge with cyber threats targeting its infrastructure.
Implications and Next Steps for Schneider Electric
The details of this breach highlight potential vulnerabilities in Schneider Electric’s developer platforms and internal systems, underscoring the importance of secure access management. While Schneider Electric's isolated environment for the breached platform prevented further damage, the exposure of sensitive employee and customer data raises concerns about future attacks and the need for strengthened security protocols.
Schneider Electric’s Incident Response team is actively investigating the situation and assessing the full impact of the breach. Enhanced security measures, particularly in credential management and API access, will be critical to safeguarding against similar threats in the future.
No comments:
Post a Comment