A threat group called Hellcat took credit for the Schneider Electric attack and claimed it had obtained 40 gigabytes of data. The group said it was able to gain access to the company's Atlassian Jira environment.

Researchers at Kroll confirmed they were aware of the group Hellcat, but did not have any additional information on the group or the incident.

Researchers at Arctic Wolf said they were aware of social media claims on X, but could not confirm any specifics related to the incident. Twitter accounts linked to the group began appearing in July and there are only three alleged victims listed on the threat group's website.

Bleeping Computer reported that a threat actor identified as Grep claims to have accessed Schneider Electric using compromised credentials, claiming to have 75,000 unique names and email addresses.

The incident marks the third cyber breach in less than two years for Schneider Electric. In January, the company's sustainability business division was targeted in a ransomware attack. Cactus ransomware claimed credit for that incident.

The January attack impacted the company's Resource Advisor platform, which is used by more than 2,000 customers across the globe. The platform is used to monitor energy and resource data.