Cyber Incident Victim: ThyssenKrupp AG
Date:
Feb 2024
Location:
Germany
Summary
A cyberattack targeting Thyssenkrupp's Automotive Body Solutions division resulted in unauthorized access to its IT infrastructure, prompting immediate containment measures including system shutdowns and security protocols. The incident disrupted production at multiple automotive component manufacturing facilities, including a Saarland site affecting approximately 1,000 employees. The company confirmed no impact on other business segments and stated the threat was under control, with efforts underway to restore normal operations. This follows a prior cybersecurity incident against the company's materials division.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 23, 2024, Thyssenkrupp Material Services' Automotive Body Solutions business unit detected an unauthorized cyber intrusion into its IT infrastructure. The company's internal IT security team identified the breach early that Friday, prompting immediate containment measures coordinated with Thyssenkrupp Group's cybersecurity personnel. As a precautionary response, administrators disconnected affected applications and systems from corporate networks, implementing unspecified security protocols to isolate the compromise. This defensive action caused partial operational disruptions at multiple automotive manufacturing facilities specializing in automotive body part production, including the Wadern-Lockweiler plant in Germany's Saarland region where approximately 1,000 employees assemble vehicle body components. Work stoppages occurred at several production sites under the automotive supplier division, though the company confirmed other Thyssenkrupp business segments and Automotive Technologies units remained unaffected by mid-incident assessment.
Thyssenkrupp's corporate communications department publicly acknowledged the cyberattack on the same day of detection through spokesperson Evelin Veit, who characterized the situation as "under control" by February 26, 2024. The organization initiated phased restoration of disconnected systems while maintaining severed network connections to compromised infrastructure as containment persisted. No data theft, ransomware deployment, or attacker identity claims were disclosed in available statements. This incident marks at least the second confirmed cybersecurity breach against Thyssenkrupp's materials division since 2022, when the company's materials trading unit suffered a separate cyber intrusion. Production impacts were confined to automotive manufacturing operations, with corporate leadership emphasizing ongoing efforts to resume normal operations across affected facilities through systematic recovery procedures. The company did not disclose forensic findings regarding intrusion vectors, dwell time, or potential data compromise during the incident lifecycle.