Rheinmetall Confirms BlackBasta Ransomware Attack on Civilian Business

German automotive and arms manufacturer, Rheinmetall AG, has confirmed that its civilian business has been impacted by a BlackBasta ransomware attack. Rheinmetall is a manufacturer of automotive, military vehicles, armaments, air defense systems, engines, and various steel products, employing over 25,000 people with an annual revenue of over $7 billion.

On May 20th, 2023, BlackBasta posted Rheinmetall on its extortion site, along with samples of data that the hackers claimed to have stolen from the German company. The published data samples include non-disclosure agreements, technical schematics, passport scans, and purchase orders.

Rheinmetall’s entry on the BlackBasta extortion site (Source: BleepingComputer)

A Rheinmetall spokesperson confirmed the attack, clarifying that it only impacted its civilian department. “Rheinmetall is continuing to work on resolving an IT attack by the ransomware group Black Basta. This was detected on 14 April 2023. It affects the Group’s civilian business. Due to the strictly separated IT infrastructure within the Group, Rheinmetall’s military business is not affected by the attack,” said the spokesperson.

The company also stated that it had informed the relevant law enforcement authorities and filed a criminal complaint with the Cologne public prosecutor’s office.

Rheinmetall plays an important role in providing aid to Ukraine and recently upgraded its ties with a state-owned tank manufacturer in Ukraine by launching a new strategic cooperation program.

Recent BlackBasta Activity

The BlackBasta ransomware gang launched its operations in April 2022 and has had multiple successful breaches against high-profile entities recently. On May 7th, 2023, the threat group announced an attack against leading electrification and automation technology provider ABB. In April 2023, BlackBasta breached the Canadian directory publisher Yellow Pages Group, stealing sensitive documents and data in the process. On March 22nd, 2023, the threat actors infiltrated the corporate network of Capita, a British outsourcing giant contracted by multiple departments of the UK’s government and army. Later, on May 13th, Capita warned its customers that they should assume BlackBasta compromised their data.

Leave a Reply

Your email address will not be published. Required fields are marked *