Cyber Incident Victim: MND Group
Date:
Mar 2021
Location:
France
Summary
A cybersecurity incident impacted servers in France and Austria, leading to the disconnection of all IT systems to prevent malware spread. While customer-facing operations, including remote avalanche control systems, remained unaffected, production facilities in France experienced temporary slowdowns or stoppages. The organization implemented a business recovery plan with cybersecurity experts and authorities, aiming for gradual resumption of operations the following week alongside ongoing investigations to restore systems fully. Further updates were planned in conjunction with financial reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 4 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night of March 22-23, 2021, the MND Group experienced a cyber attack involving malware infections on some of its servers located in France and Austria. The company immediately implemented security protocols by disconnecting and shutting down all Group servers to contain the attack and prevent further spread within the IT infrastructure. This decisive containment action successfully isolated the compromised systems while preserving operational integrity for customer-facing solutions. Specifically, the malware did not affect systems supporting critical customer operations, including remote control technologies for avalanche release systems and snowmaking equipment. However, the server shutdowns forced production units based in France to reduce or halt manufacturing activities for several days, indicating localized but significant operational disruption to internal processes.
MND activated a business recovery plan following the containment measures, mobilizing internal teams alongside cybersecurity specialists and relevant authorities to address both technical remediation and operational impacts. The Group announced plans to gradually restore some activities safely during the week beginning March 29, 2021, while continuing forensic investigations to enable full system restoration. No data breach or external data access was mentioned in the public statement. MND acknowledged production delays as the primary immediate consequence while expressing gratitude to customers, partners, and employees for their support during the disruption. The company committed to providing further updates on the incident's resolution alongside its interim financial results announcement scheduled for late April 2021.