ThyssenKrupp Cyber Attack Timeline

Date: 18 April 2024

Featured Image

Cyber Attacks in the Manufacturing Sector can be seriously disruptive. When production comes to a halt, the effects of any cybersecurity incident go beyond just damage to reputation and regulatory implications. The recent cyber attack on ThyssenKrupp is a case in point - Find out all about in this detailed ThyssenKrupp Cyber Attack Timeline. 

Topics covered in the ThyssenKrupp Cyber Attack Timeline: 

1. The Incident
2. The Impact on Customers & the Business
3. Actions Taken by ThyssenKrupp

We regularly create reader-friendly Cyber Attack Timelines to offer a nuanced perspective on the rise of cyber crime. These timelines capture how a cyber attack unfolded and how the victim organisation responded. The idea simply is to learn from the experiences of others and understand the importance of prioritising cybersecurity resilience at the earliest.   

Our NCSC Assured Training in Cybersecurity Incident Response Planning is one of the most promising ways to elevate your organisational resilience to cyber attacks. Undergoing the training will not only help your staff understand the impact of a cyber attack on the organisation, it will also clarify their individual roles and responsibilities in case of a cyber event. The businesses which have trained their staff in CIPR have also witnessed a dramatic improvement in the effectiveness of their Cyber Incident Response Plans and an improvement in cybersecurity decision-making

Do remember, however, that nothing enhances cybersecurity decision-making and cybersecurity leadership like Cyber Crisis Tabletop Exercises. Conducted in a simulated attack environment, these cybersecurity drills enable your staff to practise their response to cybersecurity incidents. They also become more familiar with what's inside the Cyber Incident Response Plans and Incident Response Playbooks through these scenario-based cyber tests.    

Complement the NCSC Assured Training with Cyber Attack Tabletop Exercises and you're in a much better position to respond to a cyber attack and bounce back faster from one. 

In case of ThyssenKrupp, as you'll read below, early isolation and rapid response to the cyber attack, rendered the ransomware attempt unsuccessful. This is the level of cyber resilience that businesses across the globe must aspire to with proper training and high standards of cybersecurity response. 

New call-to-action

The Incident - ThyssenKrupp

  • February 23, 2024: The Saarbrücker Zeitung, a German newspaper, reported that a hacker attack on the steel manufacturer and automotive supplier, Thyssenkrupp, affected operations. A plant in Saarland with around 1,000 employees was also affected. 
  • February 23, 2024: German news source Golem.de said ThyssenKrupp’s spokeswoman Evelin Veit confirmed the incident saying, "The IT security of Automotive Body Solutions recognized the incident early on and has now contained the danger with the IT security of the Thyssenkrupp Group," said Veit. 
  • February 26, 2024: According to BleepingComputer, Steel giant ThyssenKrupp confirmed that hackers breached systems in its Automotive division, forcing them to shut down IT systems as part of its response and containment effort. 
  • February 26, 2024: According to SecurityWeek, a Thyssenkrupp spokesperson said in a statement: “Yes, it was a ransomware attempt which failed”. SecurityWeek said the data extortion ransomware attack was aimed at the multinational company’s Automotive Body Solutions business and halted factory production work. It also said that Thyssenkrupp described the situation as “under control” and said it was still able to supply customers.

Back to Top

New call-to-action

The Impact on ThyssenKrupp and its Customers

  • February 26, 2024: In a statement to BleepingComputer, ThyssenKrupp says it suffered a cyber attack, impacting its automotive body production division. "Our ThyssenKrupp Automotive Body Solutions business unit recorded unauthorised access to its IT infrastructure last week," stated a ThyssenKrupp spokesperson. 
  • February 26, 2024: According to BleepingComputer, ThyssenKrupp clarified that no other business units or segments have been impacted by the cyber attack, which was contained in the automotive division. 
  • February 26, 2024: BleepingComputer asked ThyssenKrupp about the reported outage on Saarland, and the company confirmed that the production was shut down but clarified that supply to customers hadn't been impacted yet. 
  • February 28, 2024: The WSJ said in its report that the company was continuing to investigate the incident. At this point, the spokeswoman said, there is no indication data has been stolen or altered, and other parts of its Automotive Technology division haven’t been affected.

Back to Top 

Actions taken by ThyssenKrupp

  • February 26, 2024: According to BleepingComputer, a ThyssenKrupp spokesperson said: "The IT security team at Automotive Body Solutions recognized the incident at an early stage and has since worked with the ThyssenKrupp Group's IT security team to contain the threat. To this end, various security measures were taken and certain applications and systems were temporarily taken offline". 
  • February 26, 2024: As per various sources like BleepingComputer, the victim firm also said that the situation was under control, and they were working on gradually returning to normal operations. 

Back to Top

New call-to-action