Cyber Incident Victim: DESMI A/S
Date: Apr 2020
Location: Denmark
Summary
A global pump manufacturer was targeted in a cyber attack that disrupted its IT systems and operations, prompting a complete shutdown of all infrastructure. The company engaged external experts to investigate and restore services, with partial systems expected to resume within days and full recovery anticipated within weeks. Operations were impacted amid remote work conditions, though the full scope of the incident remained under assessment. Authorities including Danish police were notified, and updates were pledged to customers and partners as restoration efforts progressed according to plan.
Description
On the night between Wednesday, April 8, 2020, and Thursday, April 9, 2020, Danish industrial pump manufacturer DESMI suffered a cyber attack that disrupted its global operations. The incident occurred while employees were working remotely due to the COVID-19 pandemic, compounding operational challenges. DESMI immediately shut down all IT systems as a containment measure, causing widespread disruption to business functions. The company engaged external cybersecurity experts to assist with incident response and system restoration efforts. Group CEO Henrik Sørensen confirmed the attack compromised both IT systems and operational technology, though the specific attack vector remained under investigation.

DESMI initiated a phased recovery process, projecting partial system restoration within days and full recovery within weeks. The company prioritized minimizing customer impact while working to assess the attack's complete scope, which remained undetermined during the initial response phase. Authorities including Danish police were notified, though no attribution or motive was disclosed. DESMI maintained communication with business partners and customers, promising updates as recovery progressed. The incident highlighted operational vulnerabilities during pandemic-induced remote work conditions, though no data theft or ransomware demands were explicitly confirmed in available reports.
