Breach Notification , Fraud Management & Cybercrime , Incident & Breach Response
Cyber Incident Knocks Construction Firm Palfinger OfflineUnknown Attack Has Disrupted the Company's Global IT Infrastructure
The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
"Currently, the Palfinger AG and the majority of its sites are the target of an ongoing global cyberattack with massive effects on its IT infrastructure," states a notification posted to the company's U.S. website on Monday.
Palfinger says it does not yet know the extent or full impact of the attack, or how long it will continue, but it is making an intensive effort to find a solution.
"For the time being, Palfinger cannot be contacted via e-mail nor can it receive or process inquiries, orders, shipments and invoices. Your personal points of contact during this phase are only available by telephone," the company says.
The company did not indicate what type of attack is taking place. But Brett Callow, threat analyst with the security firm Emsisoft, says: "Given Palfinger's statement that the attack is affecting multiple systems and sites, ransomware is the most likely explanation."
Palfinger has more than 11,000 employees spread over 35 locations worldwide. The company's primary business is the manufacture of hydraulic lifting, loading and handling systems and cranes.
Palfinger did not immediately reply to Information Security Media Group's request for additional information about the incident
Manufacturing Under Attack
In another incident in the manufacturing sector, Kawasaki Heavy Industries reported Monday that, in December 2020, an unknown threat actor gained access to its internal network through servers located in an overseas office, with some data possibly being leaked to a third party, according to a company statement (see: Kawasaki: Cyber Incident May Have Resulted in Data Loss).
The breach was discovered on June 11 after an internal audit found an unauthorized connection between a company server in Japan and another corporate server located in Thailand, the company says. Communication with the Thai server was immediately severed, but the follow-up investigation found additional unauthorized connections.
The Japanese auto giant Honda acknowledged in June 2020 that it had been victimized in a way that affected production operations at several of its global facilities, including plants in the U.S., Japan, Turkey and Italy. A hacker accessed and inserted malware into an internal server at a Honda facility in Japan that eventually spread throughout the company's network (see: Honda Confirms Hack Attack Disrupted Global Production).