Cyber Incident Victim: Lürssen
Date:
Apr 2023
Location:
Germany
Summary
A German shipbuilder specializing in military vessels and luxury yachts experienced a ransomware attack during a holiday period, disrupting significant portions of its shipyard operations. The company initiated protective measures and collaborated with internal and external experts to address the incident, while German authorities launched a criminal investigation. The attack, suspected to involve phishing techniques, caused widespread operational stoppages but no further details regarding ransom demands or perpetrators were disclosed due to investigative considerations. The firm maintains contracts for naval projects, including patrol vessels for international clients, and is recognized for constructing advanced maritime technology vulnerable to such cyber intrusions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The ransomware attack on German shipbuilder Lürssen occurred during the Easter holiday period in early April 2023, disrupting operations at its Bremen shipyard. The company confirmed the incident involved ransomware deployed through phishing techniques, though specific details about the attackers' identity, ransom demands, or initial intrusion methods remained undisclosed for investigative reasons. Local outlet Buten un Binnen first reported the cyberattack had significantly paralyzed shipyard activities, with regional police launching a criminal investigation. Lürssen implemented immediate protective measures following the breach but declined to elaborate on operational impacts or whether data exfiltration occurred. Both company representatives and Bremen law enforcement maintained strict confidentiality about investigation progress, citing tactical considerations for ongoing forensic work.
As a major manufacturer of luxury superyachts and military vessels, the attack affected a company responsible for constructing naval assets including five Korvette K130-class corvettes for the German Navy and patrol boats for Australia. Lürssen's high-profile yacht clients included Middle Eastern royalty and prominent oligarchs, with the 146-meter "Opera" yacht delivered to an Abu Dhabi sheikh just weeks before the incident. The operational standstill occurred amid broader industry concerns about maritime cybersecurity vulnerabilities, particularly regarding integrated navigation systems and crew susceptibility to phishing. Lürssen engaged internal and external cybersecurity experts to manage remediation while maintaining its five German shipbuilding facilities and 1,600-person workforce. No public updates regarding full operational restoration or long-term financial impacts were disclosed following the initial response phase.