Cyber attack on Danish wind turbine manufacturer Vestas (Nov. 2021)

Sicherheit (Pexels, allgemeine Nutzung)[German]Last week Friday, November 19, 2021 there seems to have been a cyber attack on the Danish wind turbine manufacturer Vestas. The company had to shut down its IT systems as a result and is currently trying to bring IT back up.


Advertising

Vestas Wind Systems is based in Aarhus, Denmark, and is the world's largest manufacturer of wind turbines by sales and installed capacity, according to Wikipedia. The company had about 23,000 employees in 26 countries at the end of 2017, including Denmark, Germany, Sweden, the United Kingdom, Italy, China, Japan, the United States and Australia. I just became aware of a cyber incident at Vestas via the following tweet from Thycotic.

Cyber-Attack on Vestas

On Saturday, November 20, 2021, the company admitted to a cyber security incident on its corporate IT system. The announcement states:

Vestas was affected by a cybersecurity incident on November 19, 2021. To contain the problem, IT systems were shut down in several business units and locations.

The company's cybersecurity crisis management team is working with internal and external partners to fully contain the issue and restore our systems, the company announced. Customers, employees and other stakeholders may be affected by the shutdown of several of our IT systems, Vestas said. The company then provided a brief update in today's announcement, dated Nov. 22, 2021. 

Vestas discovered a cybersecurity incident on Nov. 19, 2021, and has since been working around the clock with external partners to contain the situation and restore the integrity of its IT systems.

The company's preliminary findings indicate that the incident affected parts of Vestas' internal IT infrastructure and that data was compromised. At this time, the work and investigation is ongoing.

However, there are no indications that the incident had any impact on third party operations, including customers and the supply chain. Vestas' manufacturing, engineering and service teams were able to continue operations, although several operational IT systems were shut down as a precautionary measure. Vestas has already initiated a phased and controlled restart of all IT systems.

Vestas is doing its utmost to keep all stakeholders informed of the situation and will provide further information when possible.

The indication that the IT systems are gradually being brought back up could mean that the attack was defended, detected in an early stage or limited. However, there is also the possibility that the systems are still compromised. Currently, I could not find out any further details during a research. For example, it is unclear whether it was just a hack to siphon off information or whether ransomware was active and data was siphoned off. It is also unclear whether customer data was leaked.


Advertising

Similar articles:
Ransomware Attack on electronic retail markets of Media Markt/Saturn
Media Markt/Saturn: Ransomware attack by hive gang, $240 million US ransom demand
Ransomware attack on German medical service provider medatixx
Kisters AG victim of ransomware attack (Nov. 10/11, 2021)
Structures of Conti ransomware group exposed – payment infrastructure offline
WordPress: Sites hacked via plugin, shows fake ransomware claim (Nov. 2021)
Babuk gang uses ProxyShell vulnerability in Exchange for ransomware attacks
ProxyNoShell: Mandiant warns of new attack methods on Exchange servers (Nov. 2021)
CERT-Federation, USA, GB warns about attacks on Exchange and Fortinet
CERT warning: Compromised Exchange servers are misused for email attacks (Nov. 2021)


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *