A hacker who calls himself “Grep” has not only stolen sensitive company data from the French electrical engineering group Schneider Electric, but is now also making fun of the long-established company.
The incident once again reveals the Achilles heel of even large corporations. According to the attacker, he managed to gain access to an internal project management system with frightening ease. In an interview with the tech portal BleepingComputer, “Grep” explained that he had gained access to Schneider Electric’s JIRA server using openly accessible access data. After successfully logging in, he used a MiniOrange REST API to systematically extract user data from the system. In doing so, he captured 400,000 data records, including 75,000 unique email addresses with the full names of Schneider Electric employees and customers.
The hacker’s ransom demand in a darknet forum is particularly mocking: he wants “125,000 dollars in the form of baguettes” – a tongue-in-cheek allusion to the group’s French origins. His group refrains from traditional blackmail. Instead, he presented the company with a choice: either they admit the incident publicly within 48 hours – in which case only half of the stolen data would be published – or the entire material would be posted online.
Schneider Electric responded promptly with a statement. The company is investigating a “cyber security incident involving unauthorized access” to an internal platform. The products and services were not affected, the company assured. It is not yet clear whether the hacker is satisfied with this.
The story shows the increasingly theatrical staging of cybercrime. While traditional blackmailers still operated in secret, the new digital intruders present themselves as a kind of performance artist of the hacker world – complete with their own brand identity and PR strategy.
This is the second incident of this kind for Schneider Electric this year. Just recently, the sustainability department was the victim of a ransomware attack.