Friday, July 19, 2024

‘Professional’ hackers steal industrial secrets from ThyssenKrupp

ThyssenKrupp, one of the world’s major steel makers, has said it has fallen victim to a “professional” hacking attack, with the intent of conducting industrial espionage and stealing trade secrets.

Hackers believed to be from Southeast Asia were trying to obtain “technological know-how and research results” from the steel conglomerate, said a company spokesman, confirming a report in the Wirschaftswoche weekly.

“The attack is over and had been repelled,” he added.

The “massive cyber attack” had targeted divisions dealing with orders planning of industrial plants and steel works in Europe.

Highly protected parts of the company such as ThyssenKrupp Marine Systems or the IT control systems of the group’s blast furnaces and power plants were not affected.

“ThyssenKrupp has been the target of a cyber-attack. It has been a professional attack, apparently from the Southeast Asian region.”
“According to our analyses, the aim was essentially to steal technological know-how and research from some areas of Business Area Industrial Solutions (espionage).”

The systems of Business Area Steel Europe were also said to have been affected by the incident.

ThyssenKrupp does not presently have any estimate on the scale of the harm done, or what intellectual property may have been stolen. But it is keen to stress that it does not believe that there were any security deficiencies at the company, and is not blaming staff for making any mistakes:

The incident is not attributable to security deficiencies at ThyssenKrupp. Human error can also be ruled out.

Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks. Early detection and timely countermeasures are crucial in such situations.

ThyssenKrupp has been successful in both respects. We continue to cooperate with several authorities as well as special cyber-crime units of the police force to develop cybersecurity at ThyssenKrupp even further.


Be under no illusion – hackers aren’t just interested in stealing your credit card details, your passwords or even your identity.

Organised hacking gangs, some of who are very likely to be state-sponsored, are breaking into companies to steal secrets and to gather information.

ThyssenKrupp owns 670 companies around the world, employing over 150,000 people in approximately 80 countries. It doesn’t just make steel – its other businesses include the production of military submarines and warships.

As we put more and more sensitive information on our corporate networks, more and more governments and intelligence agencies will be minded to create hacking teams to steal it.

Our best defence against such attacks is a layered defence, maximising the opportunities to detect a security breach while minimising the opportunities for a hacker to break through in the first place.


Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles