Pierluigi Paganini February 26, 2024

ThyssenKrupp disclosed a security breach that impacted its automotive division last week, in response to the attack the company shut down IT systems.

Steel giant ThyssenKrupp disclosed a security breach that impacted its Automotive division last week. The company shut down IT systems in response to the attack. The news of the attack was reported by the Saarbrücker Zeitung. The attack hit a factory in Saarland employing around 1,000 employees. 

ThyssenKrupp AG is a German industrial engineering and steel production multinational conglomerate. 

ThyssenKrupp AG has an annual revenue of over $41 billion (2022) and employs over 103,000 personnel.

Company spokeswoman Evelin Veit confirmed that the attack only impacted Thyssenkrupp Automotive Body Solutions business unit. She confirmed that the company discovered an unauthorized access to the IT infrastructure.

“The IT security of Automotive Body Solutions recognized the incident early on and has now contained the danger with the IT security of the Thyssenkrupp Group ,” Veit told the website Golem.de.

The spokeswoman added that the situation is currently “under control” and the German industrial group is working on a “gradual return to normal operations.”

The company did not disclose details of the attack, however the decision to shut down the IT systems suggests it was the victim of a ransomware attack.

This isn’t the first time that the company was the victim of a cyber attack. In 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.”

In 2016, alleged Asian threat actors targeted ThyssenKrupp to steal company secrets. The investigators speculated the attack was carried out by a group of professional hackers from Southeast Asia that were interested in the technological know-how and research activities of the company.

On December 28, 2020, ThyssenKrupp Materials group of companies based in U.S. and Canada were breached by the NetWalker ransomware group. The hackers managed to access sensitive HR information and documents about the company’s current and former employees.

The confidential information accessed by the attackers included the SSN and bank account information of employees.

In August 2020, ThyssenKrupp System Engineering was hit by the Mount Locker ransomware group. In

In January 2021, a ThyssenKrupp subsidiary was a victim of a ransomware cyberattack that caused the encryption of its servers and employee workstations.

In December 2022, ThyssenKrupp AG announced that the Materials Services division and corporate headquarters were hit by a cyberattack.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, cyberattack)