Schneider Electric suffers its third data breach this year

November 5, 2024

Schneider Electric, a France-based corporation that specialises in energy management and automation, has suffered its third data breach incident in under a year.

Our iZOOlogic researchers discovered this incident after the Hellcat ransomware group added the French company to its extortion site. The group claimed responsibility for the attack, exposing more than 40GB of compressed sensitive data.

Our team’s investigation also revealed that the incident occurred on November 4, 2024, after Hellcat posted Schneider Electric to its list of victims on a dark web forum.


The Hellcat ransomware exploited the Atlassian Jira system to breach Schneider Electric.

 

According to one of our iZOOlogic researchers, the Hellcat ransomware group exploited a vulnerability in the company’s Atlassian Jira system to acquire unauthorised access to Schneider Electric.

This exploit, which provided the attackers with initial access to the company, allegedly resulted in the exposure and theft of company data. Our investigation indicated that the attack revealed a large amount of internal data, such as project files, task issues, and plugins. In addition, the exposed user data spans over 400,000 rows, raising concerns about the possible impact on Schneider Electric’s business and customers.

Our team also noted that the ransomware group hosts the purported stolen information on an onion site. As of now, the group is demanding that the company pay a $125,000 ransom to ensure that it deletes the stolen data and does not make it publicly available.
Schneider Electric, for its part, has yet to announce any payment and is presumably considering ways to lessen the consequences of this breach.


This cyberattack occurred one day after the appointment of Schneider Electric’s new CEO, Olivier Blum. As of now, the affected company has confirmed the incident and the attack on its Jira server. However, it has yet to verify the Hellcat ransomware group’s claims.

This is the third time Schneider Electric has suffered such an incident in under a year. Earlier this year, the Cactus ransomware group also claimed to have stolen terabytes worth of data from the company. These repeated data breach incidents against the French company are concerning, as it operates in one of the country’s most critical sectors.
