Fendt Tractor

Cyber Attack Halts Production at Ag Equipment Maker AGCO Fendt

A cyber attack has disrupted the operations of AGCO/Fendt, a major manufacturer of agricultural equipment, the company has acknowledged.

AGCO/Fendt, headquartered in Duluth, Georgia, said in a statement to the Security Ledger that it was the subject of a cybersecurity incident that “has impacted some of our production facilities. We are working to address the issues. Our first priority is to restore those critical activities needed to keep farmers farming.” The company first acknowledged the attack on Thursday, May 5.

Factories hobbled in Germany, France

That followed published reports in German and French publications stemming from unexpected shutdowns of manufacturing facilities in those countries. For example, Fendt employees at the Marktoberdorf, Germany site were temporarily sent home according to a report in the Allgäuer Zeitung. Disruption of the company’s computer network has suspended production and transportation of tractors at the facility. Subsequent reports have identified other AGCO/Fendt facilities in Germany and France that have been crippled by the attacks, including one in Bäumeheim, Germany.

Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware

In its statement, AGCO/Fendt did not provide an update on the company’s efforts to recover from the attack. A spokesman said AGCO/Fendt would “provide updates to impacted employees, dealers, suppliers and customers as the situation progresses.”

Cyber attacks on agriculture on the rise

So far there is little information on who or what is behind the attack on the manufacturing sites. However, law enforcement and officials in the U.S. have been warning about the prospect of heightened attacks on agriculture. After a string of ransomware attacks on grain coops in September and October, the FBI recently warned of more cyber attacks targeting the agricultural sector as planting season commenced. 

The FBI said a number of attacks have targeted grain coops and other food and agriculture supply chain players already in 2022. They include a March 2022 Lockbit 2.0 ransomware attack on what’s described as a “multi-state grain company” that also provides seed, fertilizer, and logistics services and a February 2022 attempted attack on a “company providing feed milling and other agricultural services.”

As we noted last week, the FBI warning does not mention attacks on agricultural equipment makers, but experts say that the ability of such attacks to cause widespread disruption of farming activity can’t be discounted.

Risk of cyber attacks grows

A 2019 report for Lloyd’s of London on the Evolving Risks in Global Food Supply notes that the advent of technology-enabled precision agriculture makes farming and food production more susceptible to cyber disruptions, according to Molly Jahn, a co author of the report who is a program manager in the Defense Sciences office at DARPA and a faculty member at the University of Wisconsin Madison.

Kevin Kenney, a Nebraska farmer and advocate for farmers’ right to repair said that the economics of planting and harvest season make it the ideal time for cybercriminals and nation state actors to do their thing.

“We’re just getting going with our most important three weeks of the year; planting corn and soybeans.   During this time, an average farmer’s time is worth $1000/hour versus the harvest value of his crop.  Running tractor equipment means everything,” he wrote in an email.  

The same features that let local agricultural equipment dealers know when a piece of equipment they’ve sold or serviced has thrown an error code might also allow a cyber criminal to launch a remote attack that cripples that same equipment, Kenney argued.

“If one of the thousands of John Deere Dealerships can do this…don’t you suppose a bad actor could do the same?” 


  1. Pingback: The Global Food Supply is Collapsing: Food Plants Exploding, Farms Set Ablaze, and Millions of Chickens are Being Killed - DailyVeracity

  2. I worked for a very large agribusiness company in industrial automation. My process controllers, and digital automation computers were on their own dedicated and proprietary communication network. The display terminals were direct hardwired feeds over coaxial cables. The data entry terminals, used propriety hardware, and a custom dedicated O.S. not based on Windows, Linux, or iOS. Analog data sensors used wired 4-20mA current loops. Production orders and reports were generated on a different office network that had no gateway to the automation. One day the I.T. department installed a gateway, for remote access (automation) troubleshooting over the internet. It had a single CAT5 cable connection to the automation controllers, locked in a secure computer center, with logged key card access. I unplugged that cable from the network switch. In the event of an automation failure affecting production, one of only five people had access to reconnect that CAT5 cable for only as long as it was needed for trouble shooting. Those data packets were recorded to hard disk for later review as required. An e-mail notice was sent to my cell phone whenever that CAT5 cable went live. THERE IS NO REASON FOR INFRASTRUCTURE TO BE VULNERABLE. It is happening because of: 1. “Convenience” (laziness) 2. False economy 3.The surveillance mentality (snooping). 4.Control (management has to be in the loop) The last security measure implemented by the company I worked for was; LOYALTY. The company treated employees well, and we did everything we could to help them stay successful.

  3. Pingback: DEF CON DOOM Patrol: Deere Jailbreak Raises Questions on Security, Competition | The Security Ledger with Paul F. Roberts

  4. Pingback: DEF CON DOOM Patrol: Deere Jailbreak Raises Questions about Safety, Festival - Firnco

  5. Pingback: Episode 240: As Stakes Grow, Can Cyber Policy Needs to “Shift Right”?