Industry News

“Professional” hackers steal industrial secrets from ThyssenKrupp

ThyssenKrupp, one of the world’s major steel makers, has said it has fallen victim to a “professional” hacking attack, with the intent of conducting industrial espionage and stealing trade secrets.

The attack, which is thought to have taken place in February, was uncovered by the German company’s own CERT (Cyber Emergency Response Team) in April and made public this week.

Although ThyssenKrupp appears to be reluctant to point a finger at any particular country or state-sponsored organisation for the attack, the heavy industry giant said in a statement that it believed the hackers originated from Southeast Asia.

"Professional" hackers steal industrial secrets from ThyssenKrupp

ThyssenKrupp has been the target of a cyber-attack. It has been a professional attack, apparently from the Southeast Asian region. According to our analyses, the aim was essentially to steal technological know-how and research from some areas of Business Area Industrial Solutions (espionage).

The systems of Business Area Steel Europe were also said to have been affected by the incident.

ThyssenKrupp does not presently have any estimate on the scale of the harm done, or what intellectual property may have been stolen. But it is keen to stress that it does not believe that there were any security deficiencies at the company, and is not blaming staff for making any mistakes:

The incident is not attributable to security deficiencies at ThyssenKrupp. Human error can also be ruled out. Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks. Early detection and timely countermeasures are crucial in such situations. ThyssenKrupp has been successful in both respects. We continue to cooperate with several authorities as well as special cyber-crime units of the police force to develop cybersecurity at ThyssenKrupp even further.

Be under no illusion – hackers aren’t just interested in stealing your credit card details, your passwords or even your identity.

Organised hacking gangs, some of who are very likely to be state-sponsored, are breaking into companies to steal secrets and to gather information.

ThyssenKrupp owns 670 companies around the world, employing over 150,000 people in approximately 80 countries. It doesn’t just make steel – its other businesses include the production of military submarines and warships.

As we put more and more sensitive information on our corporate networks, more and more governments and intelligence agencies will be minded to create hacking teams to steal it.

Our best defence against such attacks is a layered defence, maximising the opportunities to detect a security breach while minimising the opportunities for a hacker to break through in the first place.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.