Cyber Incident Victim: ThyssenKrupp AG
Date:
Dec 2022
Location:
Germany
Summary
A cyberattack targeted Thyssenkrupp's Materials Services division and portions of its Essen headquarters, with the incident actively ongoing when initially reported. The company's IT security team detected the intrusion promptly, initiating containment efforts through an interdisciplinary crisis team and engaging relevant authorities. While no immediate operational damage was confirmed, the attack—attributed to organized criminal actors—remained unresolved at the time of disclosure. Other business units within the conglomerate were confirmed unaffected. This incident followed recent cyberattacks against regional entities, including the University of Duisburg-Essen and automotive supplier Continental.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 20, 2022, Thyssenkrupp Material Services and sections of the company’s Essen headquarters became targets of an ongoing cyberattack first detected that afternoon. The intrusion primarily impacted the Materials Services division, which employs approximately 16,000 personnel globally, while other Thyssenkrupp business units were confirmed unaffected at the time of initial reporting. The company’s IT security team identified the breach rapidly, triggering immediate defensive measures to restore system integrity. Thyssenkrupp activated an interdisciplinary crisis unit coordinating with corporate IT security personnel to contain the attack and terminate it as swiftly as possible. Although the assault remained active throughout the afternoon, the organization stated no operational damage or data compromise had been identified by midday. Early indicators suggested the apparent involvement of organized criminal elements behind the intrusion, though no specific threat actor was named.
Thyssenkrupp engaged relevant law enforcement authorities during the response while maintaining continuous mitigation efforts. The crisis team focused on isolating affected systems and preventing lateral movement across the corporate network. Company spokespersons emphasized no evidence of data exfiltration or destructive payloads during the initial hours of the incident. This attack occurred amid regional cybersecurity disruptions, including two separate breaches targeting the University of Duisburg-Essen days earlier and a prior intrusion at automotive supplier Continental discovered weeks after initial compromise. Thyssenkrupp’s public communications highlighted real-time containment progress but did not disclose technical specifics regarding attack vectors or infrastructure impacts. Operational continuity measures were implemented for Materials Services, though the organization provided no details regarding potential service interruptions or recovery timelines as of December 20.