ThyssenKrupp, a major supplier of steel to Germany's automotive sector and other manufacturers, has announced that some of its trade secrets were stolen in a cyber-attack.
The attacks were carried out in February but not spotted until April. The company, one of the world's largest steel makers, said in a statement, “It has been a professional attack, apparently from the southeast Asian region.”
ThyssenKrupp's in-house computer emergency response team (CERT) spotted the attack and immediately alerted its board of executives of the attacks.
“The aim was essentially to steal technological know-how and research from some areas of Business Area Industrial Solutions as well as Business Area Steel Europe,” a statement from the company said.
Andrea Carcano, founder and chief product officer of Nozomi Networks said, “Steel mills and other critical infrastructure components are now in the crosshairs of sophisticated and well organised hackers whose goals of malicious disruption are broad and varied. Stepping up the detection of cyber-attacks of IP theft and, more importantly, the industrial control systems that operate critical infrastructure facilities from manufacturing to energy production will lead cyber-security priorities in 2017.”
The company did not specify what was stolen and said it cannot put a value on the intellectual property that was lost.
Law enforcement and data protection bodies in the state of North Rhine-Westphalia are now working with ThyssenKrupp on a criminal investigation.
The company confirmed that other systems in its steel business – which operates steel blast furnaces and power plants in Duisburg, Germany – are secure and unaffected by the attack.
ThyssenKrupp's other businesses, which include elevators and a marine systems unit, produce military submarines and warships which are also said to be unaffected by the attack.
Jonathan Sander, VP of product strategy at Lieberman Software, told SC Media UK: " The real question will be if these bad guys knew what they wanted or got lucky. Did they exfiltrate gigs upon gigs of data and just happen to get the good stuff in the lot? Or did they plan and scheme to find exactly the right files to cause maximum damage or make maximum returns on the cyber black market?"