Cyber Incident Victim: Exco Technologies Limited
Date:
Jan 2023
Location:
Canada
Summary
Exco Technologies experienced a cyber incident impacting three production facilities within its Large Mould Group, prompting immediate containment measures including system isolation and engagement of independent experts. The company temporarily disabled affected systems during investigation but expects substantial operational restoration within two weeks, with no material interruptions to customer shipments reported. While financial implications remain under assessment, the broader corporate operations and other business segments were unaffected. Remediation efforts prioritize data security and operational recovery, leveraging industry best practices to minimize disruption across its global manufacturing footprint.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Exco Technologies Limited, a global supplier servicing the die-cast, extrusion, and automotive industries, announced on January 23, 2023, that three production facilities within its Large Mould Group experienced a cyber incident discovered the prior week (approximately January 16, 2023). The company immediately initiated containment measures, securing affected systems and engaging independent cybersecurity experts to assist with investigation and remediation efforts aligned with industry best practices. Exco temporarily disabled certain computer systems across the impacted facilities to isolate the threat and prevent further operational compromise. The incident remained confined to the Large Mould Group segment, with no disruption reported across the company’s remaining operations, including its Automotive Solutions Group and other casting and extrusion facilities. Recovery efforts focused on safely restoring disabled systems, with Exco anticipating substantial operational restoration within two weeks of the announcement. Despite system disruptions, the company confirmed no material interruptions to customer shipments had occurred, nor were significant delays expected during the recovery phase.
The cyber incident’s specific nature—including attack vectors, threat actor identity, and whether data exfiltration occurred—was not disclosed in public statements. Exco emphasized ongoing financial impact assessments but highlighted its uninterrupted shipment capabilities as a mitigating factor against severe revenue loss. The Large Mould Group, part of Exco’s casting and extrusion division, operates within a global network of 16 tooling plants across nine countries, though only three facilities were compromised. Independent analysts, citing the absence of ransomware claims or explicit data theft disclosures, suggested the attack might not involve ransomware but noted precautionary system shutdowns could prolong operational delays. Exco’s response prioritized system integrity and gradual restoration over public disclosure of technical specifics, reflecting a containment-focused strategy without elaborating on long-term security adjustments. The company reiterated its commitment to data security throughout its communications but did not provide timelines for completing forensic investigations or detailed recovery milestones beyond the initial two-week operational restoration estimate.