Skip to content ↓ | Skip to navigation ↓

Hackers stole technical trade secrets from some of the business areas of ThyssenKrupp Steel in a “professional attack.”

On 8 December, the German industrial group published a statement confirming the incident:

“thyssenkrupp has been the target of a cyber-attack. It has been a professional attack, apparently from the Southeast Asian region. According to our analyses, the aim was essentially to steal technological know-how and research from some areas of Business Area Industrial Solutions (espionage). Systems of Business Area Steel Europe were also affected.”

The company hasn’t gone into detail about which of its locations the hackers might have affected. According to Reuters, German business magazine Wirtschafts Woche says the attack hit locations in Europe, India, Argentina, and the United States. Those sites operate under the control of Industrial Solutions, a division which is responsible for building production plants.

OLYMPUS DIGITAL CAMERA
Source: Wikimedia Commons

ThyssenKrupp noted some key systems the hackers didn’t touch, however. Its IT of Business Unit Marine Systems, which helps build submarines and warships, came out unscathed, as did its blast furnaces and power plants in Duisburg.

The group’s lucky. Around the end of 2014 and amid the noise of the Sony hack, a German steel mill suffered “massive” damage when an attack targeted its industrial control systems and prevented workers from shutting down a blast furnace.

At this time, it’s unclear what facilitated the attack against ThyssenKrupp. But the company’s Computer Emergency Response Team (CERT), which detected the intrusion in April 2016, has ruled out both security deficiencies and human error:

“Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks. Early detection and timely countermeasures are crucial in such situations. thyssenkrupp has been successful in both respects. We continue to cooperate with several authorities as well as special cyber-crime units of the police force to develop cybersecurity at thyssenkrupp even further.”

While it works to estimate the loss of stolen intellectual property, the industrial group has notified its legal department, external lawyers, relevant data protection authorities, and the national office for digital security. It’s also filed charges with the State Office for Criminal Investigation

SANS White Paper: Security Basics