Steel giant ThyssenKrupp confirms cyberattack on automotive division

Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort.

ThyssenKrupp AG is one of the world's largest steel producers, employing over 100,000 personnel and having an annual revenue of over $44.4 billion (2022).

The firm is a crucial component of the global supply chain of products that use steel as a material across various sectors, including machinery, automotive, elevators and escalators, industrial engineering, renewable energy, and construction.

In a statement to BleepingComputer, ThyssenKrupp says it suffered a cyberattack last week, impacting its automotive body production division.

"Our ThyssenKrupp Automotive Body Solutions business unit recorded unauthorized access to its IT infrastructure last week," stated a ThyssenKrupp spokesperson.

"The IT security team at Automotive Body Solutions recognized the incident at an early stage and has since worked with the ThyssenKrupp Group's IT security team to contain the threat."

"To this end, various security measures were taken and certain applications and systems were temporarily taken offline."

ThyssenKrupp has clarified that no other business units or segments have been impacted by the cyberattack, which was contained in the automotive division.

The firm also said that the situation is under control, and they are working on gradually returning to normal operations.

German news outlet Saarbruecker Zeitung, which first disclosed the attack last Friday, reports that ThyssenKrupp's Saarland-based plant, employing over a thousand specialists, was directly impacted by the attack.

The facility is involved in steel production and processing, as well as research and development, including collaborations with industry partners, research institutions, and universities.

BleepingComputer has asked ThyssenKrupp about the reported outage on Saarland, and the company confirmed that the production was shut down but clarified that supply to customers hadn't been impacted yet.

Holding such a prominent role in the global economy, ThyssenKrupp has found itself in hackers' crosshairs multiple times, including in 2022, 2020, 2016, and 2013, with most cases aimed at espionage and operational disruption.

At the time of writing, no major ransomware groups or other threat actors had assumed responsibility for the attack at ThyssenKrupp, so the type of breach remains unknown.