Schneider Electric, a French multinational renowned globally for its energy and industrial automation products, confirmed to The Cyber Express that hackers gained access to one of its internal systems. The confirmation followed claims of a data breach on the dark web, where hackers reportedly offered to cut the ransom in half if Schneider’s newly appointed CEO publicly acknowledged the breach.
“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” a company spokesperson told The Cyber Express. Our Global Incident Response team has been immediately mobilized to respond to the incident.
HellCat Ransomware Claims Breach
News of the breach first came to light when a newly emerged ransomware group “HellCat,” listed the energy giant on its leak site and claimed the entry point of the breach to be its Atlassian Jira system.
HellCat said they allegedly stole 40 gigabytes worth of data including projects, issues, plugins, and over 400,000 rows of user data from the Atlassian Jira breach. As the common modus operandi that nearly all financially motivated ransomware gangs follow, HellCat demanded a ransom of $125,000 in XMR from Schneider Electric to not make the data public.
Some X (formerly known as Twitter) users have shared proof about the Schneider Electric breach and although the veracity of these details could not be verified, by the looks of it, the data seems highly sensitive as it exposes details such as full names, email address, access rights and application names of the internal developers of Schneider Electric.
The company did not give any clarification regarding these claims in its statement but said: “Schneider Electric´s products and services remain unaffected.”
HellCat ransomware group emerged late last month and has since claimed two other victims: the College of Business Education in Tanzania and Ministry of Education in Jordan.
Hackers Leave a Welcome Note for New CEO
Incidentally, on the day that hackers claimed the breach, Schneider Electric announced the unanimous appointment of Olivier Blum as its new chief executive officer. The energy and automation giant in a surprising move ousted its now Ex-CEO Peter Herweck after only a year and a half in charge, citing disagreements with the board.
“The Board of Directors decided to remove from office Peter Herweck as Chief Executive Officer due to divergences in the execution of the company roadmap at a time of significant opportunities,” the official statement said.
Olivier Blum, is a 54-year-old French national, who will now lead Schneider Electric’s rapidly growing Energy Management business across all markets, including datacenters. A member of the Executive Committee since 2014, Blum has held key roles within Schneider, including Group Chief Strategy & Sustainability Officer, Chief Human Resources Officer, and Country President of Greater India for five years. He also spent five years as a strategic and business leader in China.
Likely as a welcome gesture to Blum and for media publicity, HellCat said that they will give a 50% discount if the new CEO admits to being breached. “Its your choice Olivier,” the hackers said.
Not the First Whammy
Schneider Electric had previously fallen victim to Cl0p and Cactus ransomware too. While Cl0p exposure was likely part of the larger MoveIT breach the Cactus ransomware gang claimed to exfiltrate 1.5 terabytes of data, according to the threat intel of Cyble’s Research and Intelligence Labs.
Cactus published the folder tree structure of the compromised data and also leaked sample documents containing passport images, NDA, backup information, audit details, and financial details.
Also read: Complexity Mounts in Schneider Electric Data Breach: Cactus Ransomware Claims Responsibility
