Cyber Crime

Swiss rail vehicle manufacturer Stadler hit by a malware-based attack

Stadler, a Swiss manufacturer of railway rolling stock, disclosed a data breach; hackers attempted to blackmail the company.

International rail vehicle manufacturer Stadler disclosed a security breach that might also have allowed the attackers to steal company data.

The company confirmed that attackers compromised its IT network and infected some of its machines with malware that was used to exfiltrate data from the infected devices.

“Stadler internal surveillance services found out that the company’s IT network has been attacked by malware which has most likely led to a data leak. The scale of this leak has to be further analyzed. Stadler assumes that this incident was caused by a professional attack from unknown offenders.” reads the data breach notification published by the company.

The company revealed that intruders asked for a large amount of money and are attempting to blackmail Stadler by threatening to release the stolen data.

“The offenders try to extort a large amount of money from Stadler and threaten the company with a potential publication of data to harm Stadler and thereby also its employees.” continues the notification. “Stadler initiated the required security actions immediately, a team of external experts was called in and the responsible authorities were involved. The company’s backup data are complete and functioning. All affected systems are being rebooted.”

The rail vehicle manufacturer is investigating the incident with the help of external security experts.

Stadler did not pay the ransom and has resumed operations by restoring its backups.

The Swiss website Tagblatt confirmed that the cyber attack impacted all the locations of the group.

“The IT network of the rail vehicle manufacturer Stadler has been attacked with malware.” reported the Swiss media. “There was a high probability of an outflow of data that was not yet known,” as the company headquartered in Bussnang announced on Thursday evening. Stadler is assuming “a professional attack”. 

“The whole group is affected by the cyber attack”, including the many other locations in Switzerland and abroad. Now check whether you are also reporting in other countries. In Switzerland, Stadler also has locations in Altenrhein, St. Margrethen, Erlen, Winterthur, Wallisellen and Biel.” said company spokeswoman Marina Winder.

The rail vehicle manufacturer has filed a complaint with the Thurgau public prosecutor. 

“Despite the corona pandemic and cyber attacks, the continuation of the production of new trains and Stadler’s services is guaranteed,” the company added.


Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)
