Schneider Electric Clawed by 'Hellcat' Ransomware Gang

The threat actors known as "Hellcat" claim to have stolen sensitive data from Schneider Electric, and the French industrial company has begun an investigation without formally acknowledging any data theft.

The hackers claim to have breached the industrial company's Jira issue tracking system and are demanding a $125,000 ransom.

"This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB compressed data," the threat actors wrote on their Tor website.

However, the cybercriminals note that the ransom will drop by half if Schneider Electric confirms the breach. If their demands are not met, they have threatened to make the data they stole from the vendor public. 

In addition, one of the hackers published evidence on social media platform X regarding how they gained access into the vendor's Jira system to steal the data.

Schneider Electric reported that the cybersecurity incident involved unauthorized access to one of its "internal project execution tracking platforms" and that its global incident response team has been mobilized to deal with the fallout.

This is the third breach in under two years that the manufacturer has faced; the first involved its sustainability business division in January at the hands of Cactus ransomware, and the second was connected to the MOVEit zero-day vulnerability.