Schneider Electric confirms cyberattack investigation into stolen Jira data

The French firm confirmed to Capacity that it has rolled out its Global Incident Response team to look into unauthorised access to its internal project tracking platforms.

A hacker known as “Grep” posted on X (formerly Twitter) over the weekend claiming to have been behind the attack.

According to BleepingComputer, Grep stole data related to projects and plugins and demanded $125,000 worth of baguettes to not leak the data — before posting more than 400,000 rows of data totalling 40GB on a forum on the dark web.

In a statement to Capacity, Schneider Electric said none of its products and services have been affected by the incident as it looks into the breach.

Grep is a notable threat actor, and was behind the breach at French technology services giant Capgemini, where API keys, staff information, and T-Mobile virtual machine logs were among the data that was stolen.

Other prior Grep victims include Dell Technologies, where they also stole Jira files and information about staff.

The hacker's name originates from the Unix command function, which stands for “global search for lines matching a regular expression” which is used to search for text patterns in files that contain regular expressions.

While Grep is believed to have acted alone in its attack on Schneider Electric, the hacker told BleepingComputer that it had formed a new hacking group.

The group, known as International Contract Agency (ICA), a name they appropriated from the shadow organisation from the Hitman video games series, won’t extort the companies they breach — instead, publishing stolen information if their victims fail to acknowledge the incident within 48 hours.

Schneider Electric replaces CEO Herweck over strategy concerns

Cisco shuts down DevHub developer environment following data breach

Cisco hit by major breach: Hackers steal confidential data and source code