Schneider Electric, a French multinational specializing in energy management and automation solutions, has confirmed a cybersecurity incident involving unauthorized access to one of its internal project execution tracking platforms.
The breach was reported after a threat actor known as “Grep” claimed to have stolen 40GB of compressed data from the company’s Jira server—a platform used for project management and issue tracking.
Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment.
Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.
Schneider Electric’s official statement to BleepingComputer (source)
The compromised data allegedly includes critical project information, issues, plugins, and over 400,000 rows of user data, encompassing approximately 75,000 unique email addresses and full names of employees and customers.
Grep’s claims and demands
“Grep,” who has recently formed a group called the International Contract Agency (ICA)—a name inspired by the game Hitman: Codename 47—took to social media platform X (formerly Twitter) and a dark web site to taunt Schneider Electric and disclose details of the breach.
In a post shared by BleepingComputer, the threat actor jokingly demanded a ransom of $125,000 in “Baguettes,” a nod to Schneider Electric’s French origins, for the deletion of the stolen data and to prevent its public release.
“This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB compressed data,” said the threat actor in a post to a dark web site.
Ransom message (source)
However, “Grep” claims that their group does not engage in traditional extortion. Instead, if a company does not acknowledge a breach within 48 hours, they threaten to leak the stolen data.
Now that Schneider Electric has confirmed the incident, it remains to be seen whether the threat actor will refrain from releasing the information.
Schneider Electric’s response and impact
Schneider Electric has mobilized its Global Incident Response team to investigate and contain the incident. The company emphasized that the affected platform is hosted within an isolated environment and that its products and services remain unaffected.
They are collaborating with cybersecurity experts and relevant authorities to assess the full scope of the breach.
The breach appears to be limited to internal systems, and there is currently no evidence to suggest that customer operations or critical infrastructure have been impacted.
Schneider Electric is advising customers and partners to remain vigilant and report any suspicious activity.
This happened before
This incident marks the second time this year that Schneider Electric has faced a security breach.
In January, the company’s Sustainability Business division was impacted by a ransomware attack that affected its Resource Advisor product and other specific systems.
Protecting against rising cyber threats
The growing frequency of cyberattacks like those experienced by Schneider Electric shows that organizations must strengthen their cybersecurity posture.
Staying informed and proactive is essential in the fight against cybercrime. Implementing end-to-end security solutions and fostering a culture of cybersecurity awareness can significantly reduce the risk of becoming the next victim.