iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Global energy company Schneider Electric has allegedly suffered a second cyber attack for the year after a threat actor claimed to have accessed the company’s systems and published data on X (formerly Twitter).
On 4 November, a threat actor by the name of “greppy” posted to X to taunt the French multinational.
“Hey @SchneiderElec how was your week?” the threat actor said.
“Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data.”
In a reply to their own tweet, the threat actor also posted a sample of the stolen data, which appears to be email addresses, links to JIRA accounts and links to Gravatar accounts. Gravatar is a platform that allows users to create a digital avatar to accompany their email address.
Hey @SchneiderElec how was your week?
— greppy (@grepcn) November 3, 2024
Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data >_<
It appears that greppy may be connected to the HELLCAT ransomware gang, with Schneider Electric appearing on the group’s dark web site.
“We have successfully breached Schneider Electric’s infrastructure, accessing their Atlassian Jira system,” the group said.
“This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB compressed data.
“To secure the deletion of this data and prevent its public release, we require a payment of $125,000 USD in Baguettes. Failure to meet this demand will result in the dissemination of the compromised information.
“Stating this breach will decrease the ransom by 50%, its your choice Olivier...,” the threat group added, naming Schneider Electric’s new CEO Olivier Blum, who was appointed earlier this week.
Schneider Electric said it is aware of the incident and is currently investigating the threat actor’s claims.
“Schneider Electric is investigating a cyber security incident involving unauthorised access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” Schneider Electric told tech publication BleepingComputer.
“Our Global Incident Response team has been immediately mobilised to respond to the incident. Schneider Electric’s products and services remain unaffected.”
Schneider Electric previously suffered a cyber attack on its sustainability business division back in January.
A number of systems, including the company’s Resource Advisor, were affected by the attack. Schneider Electric has said it has informed affected customers and launched its global incident response team to bolster its security measures and contain the incident.
It added that the incident was limited to only its sustainability business division and that no other entities were affected. It also said that operations and “access to business platforms” would return to normal in “the next two business days” at the time of its post.
Be the first to hear the latest developments in the cyber industry.
