Schneider Electric confirms dev platform breach after hacker steals data

Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company’s JIRA server.

“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” Schneider Electric told BleepingComputer.

“Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.”

Schneider Electric is a French multinational company that manufactures energy and automation products ranging from household electrical components found in big box stores to enterprise-level industrial control and building automation products.

Over the weekend, a threat actor known as “Grep” taunted the company on X, indicating they had breached its systems.

In a conversation with BleepingComputer, Grep said they breached Schneider Electric’s Jira server using exposed credentials. Once they gained access, they claimed to use a MiniOrange REST API to scrape 400k rows of user data, which Grep says includes 75,000 unique email addresses and full names for Schneider Electric employees and customers.

In a post to a dark web site, the threat actor jokingly demands $125,000 in “Baguettes” not to leak the data, sharing more details about what was stolen.

“This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totally more than 40GB Compressed Data,” reads the threat actor’s post.

Grep told BleepingComputer they recently formed a new hacking group, International Contract Agency (ICA), named after Hitman: Codename 47 game. The threat actor says this group does not extort the companies they breach.

Instead, if a company does not acknowledge they were breached within 48 hours, they will leak any stolen data.

Now that Schneider Electric has confirmed the breach, we will have to see if the threat actor will continue to leak or sell the stolen data.

Earlier this year, Schneider Electric’s “Sustainability Business” division was breached in a Cactus ransomware attack, where the threat actors claimed to have stolen terabytes of data.