Schneider Electric says hackers accessed internal project execution tracking platform

French multinational Schneider Electric confirmed on Monday that it is investigating a cyberattack following reports of a breach.

The company told Recorded Future News that its global incident response team has been mobilized to look into an alleged ransomware attack, which was claimed by a relatively unknown group on Saturday. 

“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” the company said. 

Schneider Electric is one of the world’s largest digital automation and energy management companies, with more than 100,000 employees and a reported revenue of $39 billion last year.

In January, the company said its Sustainability Business division suffered from a ransomware attack that affected its Resource Advisory product — a data visualization tool for sustainability information — as well as other “division specific systems.”

On Saturday, the HellCat ransomware gang took credit for the most recent attack, claiming it accessed Schneider Electric’s Atlassian Jira system, allowing them to allegedly steal about 40GB worth of project data and user information. 

The gang threatened to leak the information if it was not paid a $125,000 ransom. 

The group emerged last week and has since claimed an attackon Jordan’s Ministry of Education, an incident that could not be verified. 

Little is known about the group, but the FBI told CyberScoop last week that it has conducted more than 30 ransomware disruption operations this year — likely leading to groups splintering off into smaller operations. 

BleepingComputer, which first reported the incident, allegedly spoke to one of the hackers behind the attack on Schneider Electric and the person made several claims in an interview with the outlet as well as on social media site X.