Analysis
Attacks and Vulnerabilities
Critical infrastructure
News

Two thyssenkrupp divisions targeted in cyberattack, though no data breached

December 22, 2022
Two thyssenkrupp divisions targeted in cyberattack, though no data breached

Industrial engineering and steel production conglomerate thyssenkrupp AG confirmed that it was fending off a cyberattack against two of its divisions, though no data appeared to have been compromised.

“thyssenkrupp is currently the target of a cyber attack – presumably by organised crime. Parts of the Materials Services and Corporate headquarters are currently affected,” a spokesperson of thyssenkrupp Materials Services, wrote in an emailed statement to Industrial Cyber. “The possibility of the other segments and business units being affected can be ruled out at this time.”

The spokesperson added that the Group’s IT security (thyssenkrupp Cyber Defense Center) recognised the incident at an early stage and is currently restoring the security of the system. “An interdisciplinary crisis team has been set up and is working together with the group’s IT security to limit the attack and ideally end it as quickly as possible.” 

“At this point in time, no damage has been done, nor are there any indications that data has been stolen or changed. The responsible authorities are involved,” according to the spokesperson.  

The statement did not comment on how many systems were affected or the nature of these systems. 

Headquartered in Essen, Germany, thyssenkrupp is an international group of companies comprising largely independent industrial and technology businesses and employing around 96,000 people. Its business activities have been bundled in six segments, including Materials Services, Industrial Components, Automotive Technology, Steel Europe, Marine Systems, and Multi Tracks.

Commenting on the thyssenkrupp attack, Duncan Greatwood, CEO at zero trust security vendor Xage Security, wrote in an emailed statement that “cyberattacks on Thyssenkrupp AG are another example of increasing risks to industrial organizations and the global supply chain.” 

“In fact, cyber risks are now spreading from energy and utility sectors, and making their way into the manufacturing sector – such as steel manufacturing and heavy industries – in an effort to cause massive chaos,” according to Greatwood. “The mindset needs to shift from not just detecting and responding to cyberattacks on critical infrastructure, but blocking them from inception. Prevention is possible, even once the threat has infiltrated the network or compromised some systems.” 

Accelerating implementation of preventive cybersecurity capabilities should be a key priority for industrial organizations and critical infrastructure operators in 2023, Greatwood added.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience