[German]Currently (March 8, 2023), production at the Airbus site in Nordenham/Germany seems to be halted (at least in parts). The background to this seems a cyber attack on the logistics service provider (named by my informants as LTS), whose systems probably have been affected by ransomware. Without the systems of this logistics service provider, production at the Airbus plants will probably no longer be possible in the long term. Currently, however, I do not have any confirmation from the logistics service provider. But several sources and Airbus have confirmed the information.
Advertising
An unnamed source told me on March 8, 2023, that the production of aircraft components for Airbus at the Nordenham plant has come to a standstill. The background is that the service provider "LTS" has been hacked.
Ransomware at Honold LTS Aerospace?
The source, who wished to remain anonymous, reported that the IT systems "of LTS" had been hacked. Quote: "Nothing works anymore", employees at the Airbus plant in Nordenham (belongs to Airbus Aerostructures) were instructed to stop work if the "computers no longer start and remain black".
In addition, my source was talking about the alleged Russian cyber attackers demanding a ransom of 15 million euros. That sounds like a ransomware infection to me – and if the IT systems of a logistics service provider are infected, customers can't use the systems anymore.
What crosses my mind is that, in addition to the Airbus plant in Nordenham, which manufactures shells for Airbus fuselages, the entire Airbus production could be affected, with plants as far away as Toulouse/France.
I had already received the information from my source yesterday, Wednesday, March 8, 2023, but did not receive any further verification. My press inquiries to Honold Aerospace and Premium Aerotec GmbH (which I had mistakenly still located as the owner of the plant) remained unanswered. A contact with the editorial manager of the local newspaper Kreiszeitung Wesermarsch did not result in any clarification yesterday evening.
Advertising
In the meantime, however, I have a second confirmation in response to a vague inquiry in my social media networks. Quote from Peter in an email (thanks for that) titled Hunold LTS Nordenham:
"LTS and A&T server hacked. Nothing works here at the moment" it was told by my acquaintance at LTS.
"A&T server" is A&T (stands for Albers & Tönjes GmbH, a German service provider that manufactures aircraft parts, probably also active in IT with solutions, see this article), so has nothing to do with AT&T (thanks to the reader for the background information).
Later I got additional information, and forming into a complete picture. From Christoph Heilscher, editorial director of the Wesermarsch district newspaper, I had the information on the evening of March 8 that there were sufficient material stocks in parts of the Airbus plant in Nordenham.
On the morning of March 9, I received the information that there were massive disruptions in individual areas after all, that it was not possible to work everywhere at the Airbus plant in Nordenham. Employees in some areas were even said to be drawing on their working time accounts. Heilscher also confirmed my assessment that this disruption would have an impact on the logistics chain at Airbus as a whole. This is because shells for the aircraft fuselage are manufactured in Nordenham, which are then delivered to other locations (e.g. Toulouse) for final assembly.
An article in the NWZ (unfortunately behind a paywall) states that the disruption originates from a service provider that operates the materials management center at the Airbus plant in Nordenham. According to the Airbus spokesman Werdung mentioned below, employees are staying at home (working time account compensation) or taking part in further training.
From another source I have received the (otherwise not yet verified) information that the server with the SAP system of the two service providers LTS and A&T has been hacked or compromised – and 20 million euros are being extorted "for recovery". This also fits into the picture I have from the first source and points to a ransomware attack (it said screens stayed black when the computers booted up). There are discrepancies in the amounts mentioned by the cyber attackers, but the information fits into the overall picture (and cyber criminals tend to adjust their demands – it's often like a bazaar).
I would also use SAP systems for warehousing, which also sounds conclusive. Airbus may well have its own SAP systems for materials management in Nordenham. But the material flows have to be coordinated – and if one system fails or is compromised, nothing works at first. IT will sever the connection between the systems, and access to the hacked SAP systems will then no longer be possible.
Regarding the SAP thesis, this company page says: "Honold Logistik Gruppe and LTS Nordwest founded a 50% joint venture in 2016: Honold LTS Logistik GmbH. This bundles Best In Class SAP IT, local strength, expertise and experience in logistics for the aerospace industry and latest technology. We can offer you a Best In Class package!
In the description of the services I then found the hint that LTS uses SAP EWM. SAP EWM is part of the Supply Chain Management Suite of SAP AG. The product Extended Warehouse Management is an integrated software platform for the processing of goods movements and inventory management in the warehouse.
SAP EWM offers companies the ability to control warehouse processes and manage movements in the warehouse, mitigate problems and issues with improved warehouse efficiency, and transform operations into an adaptable fulfillment supply chain that can share its resources.
My source said: "Airbus Aerostructures has its own SAP server but needs partial access to Albers' [SAP server] (LTS/A&T), meaning they can look in to see what material is there. Affected are now the areas at Aerostructures that are dependent on LTS. Where there's still material on station, they can still continue to operate on a limited basis." Fits the picture I have from other sources. If anyone in the readership knows more, feel free to leave information.
A statement from Airbus
In the meantime, Airbus has also issued a statement. Spokesman Daniel Werdung wrote me the following regarding my mail inquiry Cyber attack on logistics service provider LTS – production at Airbus plant in Nordenham affected – request for statement:
Here is our statement on IT disruptions in Nordenham:
We are currently assuming a disruption in the IT system in logistics at one of our service providers. The investigations are still ongoing. Experts are working to resolve the disruption and restore smooth operations. As the departments are affected in different ways, individual measures are being taken temporarily for each area if necessary.
A small note: Since July 1, 2022, the Nordenham site belongs to Airbus Aerostructures.
Honold LTS hasn't answered my request for a statement.
Airbus Aerostructures
Airbus Aerostructures manages and delivers rear fuselages and large structural components to Airbus. This includes the production of fuselage shells and the subsequent structural assembly and equipping, the manufacturing of vertical tail planes made of light carbon fibre reinforced plastic, and the production of complex thermoplastic CFRP clips as well as high-quality sheet metal forming parts.
The wholly owned Airbus subsidiary includes four state-of-the-art production sites in Germany: the Hamburg headquarters, the plant in Stade, and the former Premium AEROTEC plants of Nordenham and Bremen.
Logistics service provider (Honold) LTS
The Internet contains information that Honold LTS Logistik supplies aircraft manufacturers with parts for in-house transport (just-in-sequence). In addition, the logisticians pick up manufactured individual parts and sections from production, pack them and ship the products to the respective end customers of the manufacturers (here probably Airbus).
With this information the hint of my source about the described problems gets a sense. There is also a special division for aerospace services. On its website, the logistics company Honold Aerospace advertises services for the aerospace industry.
I therefore assume that the abbreviation "LTS", which my sources mentioned, means the service provider Honold Aerospace – Airbus Industries did not mention the name.
