

Nokia Investigates Data Breach After Threat Actor Allegedly Stole Source Code
November 5, 2024
CVE-2024-49522 – Adobe Substance 3D Painter Vulnerability
November 5, 2024
Severity
High
Analysis Summary
A threat actor allegedly stole 40GB of data from Schneider Electric's JIRA server, and the company has admitted that a developer platform was compromised.
Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of its internal project execution tracking platforms, which is hosted in an isolated environment. The company says it promptly engaged its Global Incident Response team to address the problem. The products and services offered by Schneider Electric are not affected.
Schneider Electric is a multinational corporation based in France that produces energy and automation solutions that range from enterprise-level industrial control and building automation products to domestic electrical components that are sold in big box retailers. The threat actor taunted the business on X over the weekend, claiming to have compromised its systems.
The threat actor claimed that they used compromised credentials to gain access to Schneider Electric's Jira server. After obtaining access, they asserted that they used a MiniOrange REST API to extract 400k rows of user data, including 75,000 distinct email addresses and full names for Schneider Electric clients and staff. In a post on a dark web site, the threat actor shared more information about what was stolen and jokingly asked for $125,000 in "Baguettes" in exchange for not leaking the data.

The threat actor revealed that they had established a new threat group called International Contract Agency (ICA), named after the Hitman: Codename 47 video game. This gang does not extort the companies they breach. Instead, any stolen data will be leaked if a corporation does not admit to the incident within 48 hours.
It is unknown whether the threat actor will still sell or leak the stolen data now that Schneider Electric has announced the intrusion. In a Cactus ransomware attack earlier this year, Schneider Electric's "Sustainability Business" branch was compromised, and the threat actors claimed to have stolen terabytes of data.
Impact
- Unauthorized Access
- Sensitive Data Theft
Remediation
- Regularly back up critical data and systems. In the event of a successful attack or compromise, having recent backups can help you restore operations and minimize data loss.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.