German-based ThyssenKrupp, one of the world’s largest steel producers, has announced that it has been the target of a cyber attack.
The company said that the attack was a professional endeavour and has been traced back to the Southeast Asian region.
The goal of the incursion was to steal technological know-how and research from some areas of the company’s Business Area Industrial Solutions.
The attackers also breached the systems of Business Area Steel Europe, but didn’t affect the specially secured IT systems of critical operations such as the company’s Business Unit Marine Systems or production IT of blast furnaces and power plants in Duisburg.
“There have been no signs of sabotage and no signs of manipulation of data and applications or other sabotage,” the company reassured.
According to Reuters‘ sources, the attacks were detected in April 2016 by the company’s Computer Emergency Response Team, and have been traced back to February.
ThyssenKrupp’s CERT and CIOs of all the company’s Business Areas observed and analyzed the attack, while also revising and improving the attacked IT systems.
“Since then, all of ThyssenKrupp´s IT systems are being controlled for new attempted attacks (24/7 monitoring),” the company added.
Authorities (data protection authorities and the national office for cyber security) and relevant organizations (DCSO – German organization for cyber-security) have been notified of the incident and been kept in the loop. A criminal investigation has also been started.
The company says that the attack was not the result of security deficiencies or human error.
“Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks. Early detection and timely countermeasures are crucial in such situations. ThyssenKrupp has been successful in both respects,” they noted, and said that they “continue to cooperate with several authorities as well as special cyber-crime units of the police force to develop cybersecurity at ThyssenKrupp even further.”
ThyssenKrupp is in talks to merge with Indian multinational steel-making company Tata Steel.