German auto and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business.

Rheinmetall is a German manufacturer of automobiles, military vehicles, armaments, air defense systems, engines and various steel products, which employs more than 25,000 people and has annual sales of more than $7 billion.

On Saturday, May 20, 2023, BlackBasta posted Rheinmetall on its extortion site with samples of the data hackers claimed to have stolen from the German company.

Sample data released includes non-disclosure agreements, technical drawings, passport scans and purchase orders.

Rheinmetall entry to BlackBasta extortion site
Rheinmetall entry to BlackBasta extortion site (Computer Beep)

Responding to a request for comment on the authenticity of the leaked data and alleged network breaches, a Rheinmetall spokesperson confirmed the attack, saying it only affects its civilian department.

“Rheinmetall continues to work to resolve a computer attack by the Black Basta ransomware group. This was detected on April 14, 2023. It affects the Group’s civilian activities.

Due to the strictly separated IT infrastructure within the group, Rheinmetall’s military business is not affected by the attack.” – Rheinmetall

In addition, the company said it informed the relevant law enforcement authorities and filed a criminal complaint with the Cologne public prosecutor’s office.

Rheinmetall plays an important role in helping Ukraine and recently strengthened its ties with a state-owned tank manufacturer in Ukraine by launch a new program of strategic cooperation.

BlackBasta’s Recent Activity

The BlackBasta ransomware gang launched its operations in April 2022 and has recently succeeded in several breaches against high-profile entities.

On May 07, 2023, the threat group announced an attack against the leading provider of electrification and automation technologies ABB.

In April 2023, BlackBasta breached the Canadian directory publisher Yellow Pages Groupstealing sensitive documents and data in the process.

On March 22, 2023, threat actors infiltrated the corporate network of Heada British outsourcing giant under contract with several British government departments and the military.

Later, on May 13, Capita warned its customers to assume that BlackBasta had compromised their data.

Source link