Skip to main content
close search
site logo
Dive Brief

Schneider Electric investigating cyber intrusion after threat actor gains access to platform

The French multinational company has been a previous target of ransomware groups.

Published Nov. 5, 2024
David Jones's headshot
Reporter
A facade of a Schneider Electric building.
A facade of a Schneider Electric building. The French multinational company is investigating a cyber incident that allowed unauthorized access to an internal project execution tracking platform. Permission granted by Schneider Electric

Dive Brief:

  • Schneider Electric on Monday said it is investigating a cyber incident following claims by a suspected threat actor that it had gained access to company data. 
  • The incident involved “unauthorized access to one of our internal project execution tracking platforms, which is hosted within an isolated environment,” according to a spokesperson for the French multinational company. The firm has extensive operations in the U.S. 
  • The company immediately mobilized its global incident response team and the spokesperson said the company’s products and services were not affected by the incident.

Dive Insight:

A threat group called Hellcat took credit for the Schneider Electric attack and claimed it had obtained 40 gigabytes of data. The group said it was able to gain access to the company’s Atlassian Jira environment. 

Researchers at Kroll confirmed they were aware of the group Hellcat, but did not have any additional information on the group or the incident.

Researchers at Arctic Wolf said they were aware of social media claims on X, but could not confirm any specifics related to the incident. Twitter accounts linked to the group began appearing in July and there are only three alleged victims listed on the threat group’s website. 

Bleeping Computer reported that a threat actor identified as Grep claims to have accessed Schneider Electric using compromised credentials, claiming to have 75,000 unique names and email addresses. 

The incident marks the third cyber breach in less than two years for Schneider Electric. In January, the company's sustainability business division was targeted in a ransomware attack in January. Cactus ransomware claimed credit for that incident. 

The January attack impacted the company’s Resource Advisor platform, which is used by more than 2,000 customers across the globe. The platform is used to monitor energy and resource data. 

Schneider Electric was previously claimed as a victim of Clop in connection with the MOVEit zero-day vulnerability.

Filed Under: Breaches, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Clay Platte Family Medicine Data Breach Investigation
From Migliaccio and Rathod LLP
October 21, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Torus Unveils Integrated Energy Storage and AI-Driven Cybersecurity Solutions
From Torus
October 24, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell