In-brief: Reuters reports that an attack on the German steel giant ThyssenKrupp had origins in asia and targeted steel manufacturing secrets.
Reuters is reporting today that the German steel giant ThyssenKrupp was the target of a large-scale cyber attack that made off with valuable industrial secrets.
The firm acknowledge on Thursday that internal teams discovered a months-long breach that began in February and stretched to April. Hackers, believed to be based in “southeast Asia” stole what Reuters described as “project data” from ThyssenKrupp’s plant engineering division and “other areas yet to be determined.”
ThyssenKrupp did not immediately respond to email and phone requests for comment on the Reuters report.
Reports in the German business magazine Wirtschafts Woche said that the hackers used back doors and attacked sites in Europe, India, Argentina and the United States run by the Industrial Solutions division, which builds large production plants. The group was apparently interested in “technological know-how and research results, particularly in the two Industrial Solutions and Steel Europe divisions.”
The Hagen Hohenlimburg specialty steel mill in western Germany was also targeted, the report added.
Targeted attacks against industrial firms are not new, and many are believed to be orchestrated by foreign competitors, or foreign governments acting on their behalf. The firm Crowdstrike has, for example, documented the work of groups like “Putter Panda,” which work in collusion with the Chinese military to obtain intellecual property and industrial secrets relating to defense technology in areas like space surveillance, remote sensing so on.
According to the Wirtschafts Woche report, ThyssenKrupp appears to have learned of the attack early on, but then shadowed the group for months as they conducted reconnaisance before expelling them from the network.
In a podcast with The Security Ledger in August, we talked with Tim Bandos of Digital Guardian, who spent 12 years doing incident response at the chemical giant DuPont said that even that firm had no formal capacity to respond to cyber attacks at first, but developed one over time. DuPont was a high value target and was the victim of an insider, Gary Min, who made off with prorietary documents.