The French firm confirmed to Capacity that it has rolled out its Global Incident Response team to look into unauthorised access to its internal project tracking platforms.
A hacker known as “Grep” posted on X (formerly Twitter) over the weekend claiming to have been behind the attack.
Hey @SchneiderElec how was your week?
Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data >_<
— greppy (@grepcn) November 3, 2024
According to BleepingComputer, Grep stole data related to projects and plugins and demanded $125,000 worth of baguettes to not leak the data — before posting more than 400,000 rows of data totalling 40GB on a forum on the dark web.
In a statement to Capacity, Schneider Electric said none of its products and services have been affected by the incident as it looks into the breach.
Grep is a notable threat actor, and was behind the breach at French technology services giant Capgemini, where API keys, staff information, and T-Mobile virtual machine logs were among the data that was stolen.
Other prior Grep victims include Dell Technologies, where they also stole Jira files and information about staff.
The hacker's name originates from the Unix command grep, which stands for “global search for lines matching a regular expression” and is used to search files for text patterns expressed as regular expressions.
While Grep is believed to have acted alone in its attack on Schneider Electric, the hacker told BleepingComputer that it had formed a new hacking group.
The group, known as International Contract Agency (ICA), a name appropriated from the shadow organisation in the Hitman video game series, won’t extort the companies it breaches, instead publishing stolen information if its victims fail to acknowledge the incident within 48 hours.