
Rheinmetall AG, Leading German Weapons Manufacturer, Confirms Black Basta Cyberattack
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Rheinmetall AG, an automotive and arms manufacturer based in Germany, confirmed that the Black Basta ransomware group was behind the April 2023 cyberattack. The attack only affected the civilian business related to its automotive division.
With over 27,000 employees and a reported revenue of €6.4 billion in 2022, Rheinmetall AG is one of the leading players in the automotive and arms manufacturing business and operates at 132 locations and production sites worldwide.
Rheinmetall’s April cyberattack was first reported by Spiegel magazine, which was unable to confirm the origins of the attack. The incident returned to the spotlight last week, when the Black Basta gang posted screenshots of the allegedly stolen data on its dark web blog.
The company is said to be on the target list of Killmilk, the former leader and founder of Killnet, a Russia-based private military and hacking company. Recently, the group has been targeting pro-Ukraine companies and countries across the US and Europe. Rheinmetall is one of the key suppliers of weapons to Ukraine and has been subjected to attacks by Killmilk and his supporters.
According to Rheinmetall, the arms business, comprising weapons and vehicle manufacturing, remained unaffected because the company maintains separate IT infrastructure for its civilian and military divisions.
The company also confirmed that it is already investigating to determine the extent of the damage and has informed the relevant authorities, including filing a criminal complaint with the public prosecutor’s office of Cologne.
Earlier this year, the group tried to attack the company’s network, including the IT infrastructure in Germany and Australia, by deploying swarm-based attacks. However, the company confirmed at that time that no real damage to the day-to-day operations of the IT infrastructure was visible.
In the April 2023 attack, the Black Basta ransomware gang used a double extortion method, in which the threat actors publish data in intervals to force the victim to pay the ransom within a specified time.
According to security researchers, Black Basta, which first appeared in April 2022, is associated with the Russia-linked cybercrime group FIN7. It has been associated with recent high-profile cyberattacks in the US and Europe, including those on the American Dental Association, Germany-based Deutsche Windtechnik, Swiss-based ABB, and the British outsourcing company Capita.

ABB, Leading Tech Provider, Hit by Black Basta Ransomware Attack
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Swiss multinational corporation ABB, a prominent technology provider specialising in electrification and automation, faced operational disruptions due to a Black Basta ransomware attack.
With headquarters in Zurich, ABB employs around 105,000 individuals and anticipates sales of $29.4 billion in 2022. Its services encompass industrial control system (ICS) and supervisory control and data acquisition (SCADA) system development, catering to clients such as Volvo, Hitachi, and municipalities like Nashville and Zaragoza.
ABB, a company with over 40 engineering, manufacturing, research, and service facilities in the United States, has a strong presence serving various federal agencies such as the Department of Defense, U.S. Army Corps of Engineers, and departments including Interior, Transportation, Energy, United States Coast Guard, and the U.S. Postal Service. However, on May 7th, ABB experienced a cyberattack orchestrated by the Black Basta ransomware gang, a cybercrime group that emerged in April 2022.
The attack affected numerous computers, particularly the Windows Active Directory, leading to the compromise of sensitive information. In response, ABB promptly halted customers’ VPN access to prevent further spread of the malware.
A confidential source confirmed an attack on ABB, which has reportedly led to project delays and disruptions in factories. When contacted for comment, ABB declined to respond. The cybercrime group Black Basta, known for its Ransomware-as-a-Service (RaaS) operation, had been targeting companies since April 2022. By collaborating with the QBot malware operation, they distributed Cobalt Strike to compromise devices, allowing Black Basta to infiltrate business networks and spread across multiple devices.
The Black Basta ransomware group, associated with the financially motivated criminal organization FIN7 (Carbanak), has expanded its operations to include a Linux encryptor specifically designed to target VMware ESXi virtual machines hosted on Linux servers. Researchers have linked FIN7 to this ransomware gang. The threat actors have targeted various organizations, including the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada, among others, since the campaign’s inception.