Companies
09/12/2016

In 'Massive' Cyber Attack, Thyssenkrupp Secrets Stolen




In cyber attacks earlier this year, hackers stole technical trade secrets from the steel production and manufacturing plant design divisions of ThyssenKrupp AG, the German company said.
 
Engaged in what it said were "organized, highly professional hacker activities", it had been targeted by attackers located in southeast Asia, ThyssenKrupp, one of the world's largest steel makers, said.
 
Hackers stole project data from ThyssenKrupp's plant engineering division and from other areas yet to be determined in breaches discovered by the company's internal security team in April and traced back to February.
 
"ThyssenKrupp has become the target of a massive cyber attack," the industrial conglomerate said in a statement.
 
In recent years there have been widespread consumer and financial data losses globally due to cyber attacks on banks, retailers and other businesses. Deutsche Telekom routers were hacked that caused outage for nearly 1 million customers and the ThyssenKrupp's disclosure followed that attack last week.
Estimates put the costs to businesses in the billions of dollars even as revelations of industrial espionage are far rarer. Until the United States and China agreed not to hack each other's businesses, China was frequently blamed for such commercial hacking attacks.
 
the Industrial Solutions division, which builds large production plants was the receiver of the attacks  and the German business magazine Wirtschafts Woche reported the attacks hit sites in Europe, India, Argentina and the United States. The report added that the Hagen Hohenlimburg specialty steel mill in western Germany was also targeted.
 
The company declined to speculate on likely suspects  or identify specific locations which were infected. It said it could not estimate the scale of the intellectual property losses.
 
Before implementing new safeguards to monitor its computer systems, ThyssenKrupp said it waited to publicize the attack while it identified, then cleansed infected systems in one concerted, global action. "It is important not to let the intruder know that he has been discovered," a spokesman said.
 
The company said that an investigation had been initiated after a criminal complaint was filed with police in the state of North Rhine-Westphalia. In addition to the board at Thyssen, state and federal cyber security and data protection authorities were kept informed at each stage.
 
The company said that the cyber attack had not affected the secured systems operating steel blast furnaces and power plants in Duisburg, in Germany's industrial heartland in the Ruhr Valley.
 
Its marine systems unit, which produces military submarines and warships saw no braches.
 
An unidentified German steel plant had been prevented from properly shutting down the mill's blast furnace and caused physical damage in a previous cyber attack.
 
Without giving technical details and the location of the plant has remained shrouded in mystery, the country's Federal Office for Information Security (BSI) revealed two years ago that the attack caused "massive damage".
 
Subsequent media reports identified the target as a ThyssenKrupp facility, but the company has denied it was hit.
 
According to a Der Spiegel report, the targets of major attacks by Chinese hackers in 2012 were the industrial conglomerate, along with Airbus parent EADS.
 
(Source:www.reuters.com) 

Christopher J. Mitchell
In the same section