8 recent cyber attacks on the manufacturing industry

In the highly competitive world of manufacturing, the intellectual property of competitors can save adversaries millions of dollars, if not billions, in product development, and shrink time to market timelines considerably.

The shutdown of production lines can lead to product shortages that result in consumers switching suppliers, as well as starve manufacturers of revenue in the short and long term, on top of recovery costs.

In 2023, 71% of all ransomware attacks on industrial companies were encountered by the manufacturing sector.

The March 2024 Wisdiam newsletter focused on manufacturing, and provides links to tabletop exercise materials to facilitate practicing responding to attacks.

This page summarises some of the most recent cyber attacks on manufacturing companies that are in the public record.

The majority of organisations, of any type, prefer not to publicly report their incidents, so the reality is that more attacks are occurring than we hear about.

Volkswagen

Automobile manufacturer headquartered in Wolfsburg, Lower Saxony, Germany.

Date: 2010-2015 [Publicly reported April 2024] Consequences: Theft of intellectual property

Hackers breached Volkswagen’s systems and stole sensitive information over several years, including details about gasoline engines, transmission development, fuel cells, and electric vehicle initiatives. At least 19,000 documents related to the company’s research and development were exfiltrated.

Read more on zdf.de (via Google Translate) and cybernews.com.

Nexperia

Semiconductor manufacturer headquartered in Nijmegen, the Netherlands.

Date: March 2024
Consequences: Data breach, theft of intellectual property, and shutdown of IT systems

A ransomware group named Dunghill Leak claimed to have breached Nexperia. In their ransom demand they threatened to release, amongst other information, design, product, engineering, commercial and marketing data, as well as confidential personnel and client files. Clients named included SpaceX, IBM, Apple, and Huawei.

Read more on nexperia.com and bleepingcomputer.com.

Hoya Corporation

Japanese company manufacturing optical products, headquartered in Shinjuku City, Tokyo.

Date: March 2024
Consequences: Data breach, systems shutdown

A ransomware group named Hunters International claimed to have breached Hoya Corporation, allegedly stealing 1.7 million files. Some production and sales activities were halted as a consequence of the attack. Labs around the world were unable to process orders for some time.

Read more on itnews.asia and bleepingcomputer.com.

Duvel Moortgat

Family-controlled brewery founded in 1871 in Antwerp Province, Belgium.

Date: March 2024
Consequences: Production halted, data stolen

Duvel Moortgat detected intruders in their systems, immediately shutting them down to minimise the spread of ransomware in accordance with their cyber incident response plan. The shutdown included the production line. Ransomware group Stormous claimed the attack, claiming they stole 88 gigabytes of data from the brewer.

Read more on brauwelt.com and cybernews.com.

ThyssenKrupp

German industrial engineering and steel production multinational conglomerate, headquartered in Essen, Germany.

Date: February 2024
Consequences: Production shutdown

A ransomware attack that hit the ThyssenKrupp Automotive Body Solutions unit ultimately failed due to early detection of malicious activity. However, as part of the company’s cyber incident response, systems were shutdown as a matter of course to prevent any unauthorised users in the system or deployed ransomware from spreading.

Read more on bleepingcomputer.com and securityweek.com.

VARTA

Battery manufacturer for global automotive, industrial, and consumer markets, headquartered in Ellwangen, Germany.

Date: February 2024
Consequences: Production shutdown, lost emails

IT and production systems were proactively shut down temporarily for security reasons and disconnected from the internet. All five VARTA production sites—three in Germany and one each in Romania and Indonesia—as well as administration were impacted.

Read more on therecord.media and marketscreener.com.

Yanfeng

Chinese automotive parts developer and manufacturer, headquartered in Shanghai, with global operations including North America.

Date: November 2023
Consequences: Data breach and production halted, costly legal dispute with customers

North American production was halted when hackers breached computer systems. Ransomware group, Qlin, later published files including financial documents, non-disclosure agreements, quotation files, technical data sheets, and internal reports to prove they gained access. Several months later, Stellantis, manufacturer of Ram and Jeep vehicles, put in a claim for $26 million to Yanfeng, claiming it was forced to temporarily shut down production due to lack of supply.

Read more on bleepingcomputer.com and carscoops.com.

Clorox

Manufacturer and marketer of consumer and professional products headquartered in Oakland, California, United States.

Date: August 2023
Consequences: Production stopped, leading to supply shortage, recovery costs exceeding $50M

A hacker infiltrated the Clorox systems in August 2023 and deployed ransomware to encrypt files and hold the company to ransom. When they were detected, systems were shutdown to minimise the spread of the ransomware. Although production systems weren’t directly hit by ransomware, processing the order pipeline became challenging without operational supporting systems.

Read more on securityweek.com and yahoo.com.