ThyssenKrupp, one of the largest global steel manufacturers, has confirmed that it was hit by hackers and that sensitive trade secrets have been stolen as part of a "massive" cyberattack. The data breach, which was uncovered by the firm's internal security department in April, involved hackers making away with project data from ThyssenKrupp's plant engineering division and possibly other areas, according to reports.
"ThyssenKrupp has become the target of a massive cyber attack," the industrial conglomerate said in a statement, Reuters reported. The firm is yet to divulge information on how many of its departments were compromised, adding that it currently cannot estimate the scope of intellectual property losses.
The identity of the attackers and how the attack was conducted remain unclear.
Jonathan Sander, VP of Lieberman Software, told IBTimes UK: "In the movies, spies use little cameras, steal folders stuffed with paper, or sneak into someone's office to copy files from their laptop. Real espionage, even corporate espionage, starts with spam and malware and ends up with a data breach. The real question will be if these bad guys knew what they wanted or got lucky."
Andrea Carcano, Founder and Chief Product Officer of Nozomi Networks, told IBTimes UK: "This is not the first time a German steel mill has been targeted. A successful breach of a German steel mill's control systems in December of 2011 manipulated and disrupted the control systems of the steel mill's blast furnace, resulting in a massive fire and shutdown.
"The ThyssenKrupp attack appears to have only extracted intellectual property (IP) and hasn't caused property damage or compromised personnel safety. However, given the reported depth and sophistication of this intrusion, it may be that this was to be a multi-step attack and that the adversaries were planning a long-game in which IP, such as design and production information, is collected in order to perpetrate a future attack with severe consequences."
ThyssenKrupp claims that it waited to disclose the attack while it identified infected systems and removed the infections as part of a global countermeasure, before it implemented new and advanced security measures. "It is important not to let the intruder know that he has been discovered," a spokesman said.
The firm said law enforcement authorities have launched an investigation into the attack, which is currently ongoing.
Carcano cautioned: "Steel mills and other critical infrastructure components are now in the cross-hairs of sophisticated and well organised hackers whose goals of malicious disruption are broad and varied. Stepping up the detection of cyberattacks of IP theft and, more importantly, the industrial control systems that operate critical infrastructure facilities from manufacturing to energy production will lead cybersecurity priorities in 2017."