Dive Brief:
- Schneider Electric on Monday said it is investigating a cyber incident following claims by a suspected threat actor that it had gained access to company data.
- The incident involved “unauthorized access to one of our internal project execution tracking platforms, which is hosted within an isolated environment,” according to a spokesperson for the French multinational company. The firm has extensive operations in the U.S.
- The company immediately mobilized its global incident response team and the spokesperson said the company’s products and services were not affected by the incident.
Dive Insight:
A threat group called Hellcat took credit for the Schneider Electric attack and claimed it had obtained 40 gigabytes of data. The group said it was able to gain access to the company’s Atlassian Jira environment.
Researchers at Kroll confirmed they were aware of the group Hellcat, but did not have any additional information on the group or the incident.
Researchers at Arctic Wolf said they were aware of social media claims on X, but could not confirm any specifics related to the incident. Twitter accounts linked to the group began appearing in July and there are only three alleged victims listed on the threat group’s website.
Bleeping Computer reported that a threat actor identified as Grep claims to have accessed Schneider Electric using compromised credentials and to have 75,000 unique names and email addresses.
The incident marks the third cyber breach in less than two years for Schneider Electric. In January, the company's sustainability business division was targeted in a ransomware attack. Cactus ransomware claimed credit for that incident.
The January attack impacted the company’s Resource Advisor platform, which is used by more than 2,000 customers across the globe. The platform is used to monitor energy and resource data.
Schneider Electric was previously claimed as a victim of Clop in connection with the MOVEit zero-day vulnerability.