Norsk Hydro, one of the world’s largest producers of aluminium, says that it is battling an “extensive cyber-attack” that first hit its systems on Monday evening and then escalated overnight.
Norsk Hydro, often just referred to as Hydro, operates in some 50 countries worldwide, and is a major producer of hydroelectric power in Norway.
The most obvious external sign that anything is awry comes if you visit the company’s website at hydro.com.
Normally it looks like this:
But now the company appears to be redirecting website visitors to a holding page that displays a stark message:
Clearly the problem is significant and has affected many systems, impacting different areas of the company’s business globally.
Reuters reports that the company has shut several of its metal extrusion plants used to make components for car manufacturers and other industries, and that smelters as far afield as Brazil, Qatar, and Norway had been switched to manual operations.
In a Facebook post, Hydro says that people’s safety have not been put in danger by the attack, and that its main priority is to limit the attack as much as possible to ensure that people continue to remain safe.
According to the company, it doesn’t yet know the attack’s full impact, and it believes it is too early to determine how customers may be affected.
However, thankfully, Hydro does say that its hydroelectric power plants are continue to run normally as they are on isolated IT systems.
For now, with no easy method of updating its website, and its email systems down, Hydro says that its main external communication channel will be its Facebook account. (Let’s just hope that Facebook doesn’t suffer its own outage like last week, eh?)
It’s clearly not the type of situation that any corporation wants to find itself in, but it appears that Hydro is making an attempt to be transparent about what has happened, considering that it is still probably attempting to gather information.
Hydro has informed the authorities about the attack, including the Norwegian National Security Authority (NSM) which says that it is sharing details with other business sectors and international partners.
One thing which isn’t clear at this time is whether this was a targeted attack by someone against Hydro, or the unfortunate result of – say – a common-or-garden ransomware attack that struck particularly hard.
If it were an attack by state-sponsored hackers against another nation’s infrastructure, it certainly wouldn’t be the first. For instance, in recent years there have been a number of attacks targeting the Ukrainian electric power industry.
Anyone responsible for the security of industrial control systems and national infrastructure should think carefully about whether they have done enough to protect their systems, and what can be done to further reduce the opportunities for external hackers to attack.
As news of the Norsk Hydro cyber attack spread, aluminium prices rose to a three month high in early trading on the London Metal Exchange.