Schneider Electric, the French multinational and global energy company, has confirmed a security breach after a hacker claimed to have stolen data from the company’s Jira server. This announcement follows claims by a hacker group calling themselves “Hellcat,” who alleged they had extracted over 40GB of sensitive data, including user information, from Schneider Electric’s Jira server. This breach raises significant concerns about data security, especially as the stolen information potentially includes confidential project details and sensitive user data.
Schneider Electric has suffered yet another cyber-attack. The incident marks the third cyber breach in less than two years and the second breach this year, after a hacker group known as “Grep” claimed to have hacked the company’s systems and exposed sample data on the social networking site X.
The HellCat ransomware group (Grep has rebranded itself as the “Hellcat ransomware gang”) claimed to have compromised Schneider Electric’s infrastructure on November 2nd, when it posted on its dark web leak site. Then, on November 4, a threat actor by the name of Greppy posted to X to taunt the French multinational:
“Hey @SchneiderElec how was your week?”
“Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data.”
A sample of the stolen data, which appears to contain email addresses and connections to JIRA accounts, was also released by the threat actor in response to their own tweet.
This breach has compromised critical data, including projects, issues, and plugins, along with 400,000 rows of user data, totaling more than 40GB of compressed data.
To ensure the erasure of this data and stop its public distribution, the hacker group demanded $125,000 USD in baguettes, threatening that the compromised information would be made public if this demand was not met.
In reference to the company’s new CEO, Olivier Blum, the hacking group also stated that the ransom would be lowered by 50% if Schneider Electric acknowledged the breach.
The company has confirmed it suffered a breach after a hacker claimed to have stolen data from the firm’s Jira server. It has also confirmed that its products and services remain unaffected, while Schneider Electric’s global incident response team was immediately mobilized to respond to the incident.
The company was impacted last year by the massive MOVEit data theft attacks that exposed information belonging to more than 2,700 organizations.
Earlier this year, on January 17, Schneider Electric was hit by Cactus ransomware. On January 29, it confirmed that the hack had compromised several systems, including the company’s Resource Advisor.
It was confirmed that only the Sustainability Business division of Schneider Electric was affected by this cyber-attack and that no other entities were affected. The Cactus ransomware group had apparently claimed responsibility for the hack, which allegedly stole terabytes of the company’s data.
Schneider Electric’s Global Incident Response team was able to contain the incident and reinforce existing security measures, and access to business platforms reopened on January 31, 2024.
10 Tips for Strengthening Cybersecurity to Prevent Future Breaches:
- Implement Multi-Factor Authentication (MFA): Strengthen access controls with MFA to minimize risks associated with compromised credentials.
- Use Secure APIs: Ensure that API endpoints are securely configured to prevent unauthorized access to sensitive systems.
- Regularly Update and Patch Software: Routinely update all software, especially project management tools like Jira, to prevent exploitation of known vulnerabilities.
- Enable Data Encryption: Encrypt sensitive data both in transit and at rest to protect it even if accessed by unauthorized users.
- Monitor for Unusual Activity: Implement real-time monitoring tools that can flag unusual patterns, particularly around access to critical systems.
- Isolate Sensitive Environments: Maintain an isolated environment for critical data and restrict access to essential personnel only.
- Conduct Regular Security Audits: Regularly review and test security protocols to identify and address vulnerabilities before they can be exploited.
- Invest in Threat Intelligence: Stay informed on emerging cyber threats to be proactive in your defenses, especially for targeted industries.
- Implement Access Control Protocols: Use role-based access control to limit user permissions and prevent unauthorized data access.
- Create an Incident Response Plan: Have a robust response plan in place to quickly address security breaches and mitigate their impact.
Conclusion:
The threat to critical infrastructure is at an all-time high. Energy firms hold vast amounts of personally identifiable information (PII), which is valuable on the dark web and provides cybercriminals with great leverage when they demand a ransom.
In recent years, prominent energy firms have been impacted by ransomware attacks, including Tata Power, Suncor Energy and Energy One in 2023. According to a recent SecurityScorecard study from 2023, 90% of the largest energy organizations in the world had a supply chain data breach over the previous 12 months. This finding was startling.