Schneider Electric is facing a significant cybersecurity incident after confirming that its developer platform was breached, leading to the alleged theft of approximately 40GB of sensitive data. The threat actor, who goes by the name “Grep,” claimed responsibility for the breach and stated that they accessed Schneider Electric’s JIRA server using exposed credentials. With that access, they used a MiniOrange REST API to scrape a vast amount of user data, including 400,000 rows that reportedly contain 75,000 unique email addresses along with the full names of Schneider Electric employees and customers.
In a conversation with BleepingComputer, Grep detailed the extent of the breach and shared their demands on a dark web forum, playfully requesting a ransom of $125,000 in “Baguettes” to refrain from leaking the stolen data. They noted that their newly formed hacking group, called the International Contract Agency (ICA), does not engage in traditional extortion practices; instead, they threaten to release stolen data if the affected company does not acknowledge the breach within 48 hours. The tone of Grep’s communications suggests a mocking attitude toward the company’s security measures and its response to the breach.
Schneider Electric has mobilized its Global Incident Response team to address the incident and has stated that its products and services remain unaffected by the breach. The company has not disclosed specific details regarding the nature of the compromised data or the full implications of the breach on its operations. However, the incident raises concerns about the potential exposure of sensitive information, particularly in light of the ongoing cyber threats targeting large corporations.
This latest breach follows a previous cybersecurity incident involving Schneider Electric’s Sustainability Business division, which was hit by a Cactus ransomware attack earlier in the year. In that incident, the attackers claimed to have stolen terabytes of data, indicating ongoing vulnerabilities in Schneider Electric’s cybersecurity defenses. As investigations continue into the current breach, the company must implement robust security measures and enhance its cybersecurity posture to protect against future threats and safeguard its sensitive information from malicious actors.