Steelmaker loses data during brazen cyberattack

ThyssenKrupp, one of the world’s largest steelmakers, has revealed that it was the victim of a ‘massive cyberattack’ earlier this year.

The company was targeted by attackers from southeast Asia in what it has described as “organised, highly professional hacker activities”.

The hackers were trying to obtain “technological know-how and research results”, according to the company. “ThyssenKrupp has become the target of a massive cyberattack,” the company said in a statement.

The attack targeted systems from ThyssenKrupp’s Industrial Solutions and Steel Europe divisions. The complete loss of intellectual property has not been confirmed, however the company noted that “fragments of data” were stolen.

The content of the data remains unclear, aside from project data from an engineering plant. According to Forbes magazine, that attackers were able to exfiltrate “data records from multiple business units before [their activity] was discovered and stopped.”

Critical IT systems such as those used by its Marine Systems division, which builds naval vessels and submarines, or by its blast furnaces and power plants were not affected, the company claimed.

The company’s internal security team discovered the breaches in April, and was able to trace them back to February.

ThyssenKrupp held off publicising the attack while it cleansed its systems. “It’s important not to let the intruder know that he has been discovered,” said a spokesperson.

The company is certain that the attack was neither the result of security deficiencies, nor human error.

Cyber-crime units of the police force remain involved. In a statement, the company concluded, “Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organised, highly professional hacking attacks.”

The Financial Times noted that last year, Standard & Poor’s and Moody’s, the rating agencies, said the threat of cyber theft was rising across all sectors and they would become a higher priority in analysing companies’ risks.