In the latest cybersecurity incident to hit Schneider Electric, the threat actors known as “Hellcat” have claimed responsibility for stealing sensitive data from the French industrial company. Even though Schneider Electric has launched an investigation into the matter, they have not formally acknowledged the data theft.
According to the hackers, they were able to breach Schneider Electric’s Jira issue tracking system and are now demanding a ransom of $125,000. In a statement posted on their Tor website, the threat actors revealed that the breach has compromised critical data, including projects, issues, plugins, and over 400,000 rows of user data, amounting to more than 40GB of compressed data.
However, the cybercriminals have mentioned that the ransom amount will be reduced by half if Schneider Electric confirms the breach. They have also issued a warning that if their demands are not met, they will release the data they obtained from the company to the public. This puts pressure on Schneider Electric to act swiftly in response to the threat.
To add further credibility to their claims, one of the hackers involved in the breach has posted evidence on social media platform X detailing how they were able to gain unauthorized access to Schneider Electric’s Jira system to carry out the data theft. This move showcases the sophistication and capabilities of the threat actors involved in the attack.
Schneider Electric has confirmed that the cybersecurity incident involved unauthorized access to one of its “internal project execution tracking platforms.” In response, the company has activated its global incident response team to manage the aftermath of the breach. This highlights the seriousness of the situation and the need for a swift and effective response to mitigate any potential damage.
This latest breach marks the third cybersecurity incident that Schneider Electric has faced in less than two years. The first breach occurred in January and targeted the company’s sustainability business division, with Cactus ransomware being the primary culprit. The second breach was linked to the exploitation of the MOVEit zero-day vulnerability, indicating a pattern of security vulnerabilities within the organization.
Overall, the series of breaches underscores the growing threat landscape faced by companies operating in the industrial sector. With cybercriminals becoming increasingly sophisticated in their tactics and targeting sensitive data, it is imperative for organizations like Schneider Electric to enhance their security measures and readiness to defend against such attacks. As the investigation into this latest incident unfolds, it will be crucial for Schneider Electric to address any weaknesses in their cybersecurity infrastructure and take proactive steps to prevent future breaches.