German steel giant ThyssenKrupp has been hit by a major cyber-attack designed to steal trade secrets from its IT systems, it revealed on Thursday.
In a statement, the firm claimed that the “professional attack” was launched from Southeast Asia and aimed “to steal technological know-how and research” from its steel production and manufacturing plant design divisions.
The hackers did not attempt to interfere with or sabotage production systems or manipulate data or applications, it continued.
The firm is still assessing exactly what information might have been stolen, and has informed the relevant authorities.
It claimed the attack was in no part due to security deficiencies or human error at the firm, and said its early detection has helped prevent a more serious outcome.
It explained:
“The attack was discovered, continuously observed and analyzed by thyssenkrupp´s CERT (Computer Emergency Response Team). Chief Information Officers of all Business Areas have been involved. The attacked IT systems have been revised. Since then, all of thyssenkrupp´s IT systems are being controlled for new attempted attacks (24/7 monitoring).”
This isn’t the first time a German steel mill has been targeted. In December 2014 hackers successfully breached the systems of an unnamed facility, causing widespread physical damage and disruption to blast furnaces.
Andrea Carcano, founder of Nozomi Networks, argued that steel mills are now very much in the cross-hairs of organized crime gangs.
“The ThyssenKrupp attack appears to have only extracted intellectual property (IP) and hasn’t caused property damage or compromised personnel safety,” he added.
“However, given the reported depth and sophistication of this intrusion, it may be that this was to be a multi-step attack and that the adversaries were planning a long-game in which IP, such as design and production information, is collected in order to perpetrate a future attack with severe consequences.”