Cyber Incident Victim: Aurubis
Date:
Oct 2022
Location:
Germany
Summary
A major European copper producer experienced a cyberattack, forcing preventive shutdowns of IT systems across its operations to contain the incident, which was linked to broader attacks targeting the metals and mining sector. While production facilities and environmental protection systems remained operational, logistical functions like incoming and outgoing goods required manual processing. The company prioritized maintaining raw material procurement and product deliveries, implementing transitional solutions to restore services for business partners. Authorities were engaged to investigate the attack, though full system recovery timelines remained unclear during the initial response phase.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 28, 2022, Aurubis experienced a cyberattack targeting its IT systems during nighttime hours, which the company characterized as part of a broader assault on the metals and mining sector. The attack prompted an immediate preventive shutdown and disconnection of numerous IT systems across Aurubis sites from the internet to contain potential damage. Despite these disruptions, Aurubis maintained critical operational continuity, with production facilities and environmental protection systems remaining functional at all smelter sites. The company implemented manual processes to manage incoming and outgoing goods logistics, ensuring raw material procurement and metal deliveries continued without significant interruption. Aurubis engaged with investigative authorities to assess the incident's scope and impact across its global operations, though full system restoration timelines remained undetermined at the time of reporting.
The incident response prioritized sustaining production volumes and supply chain operations while transitional solutions were developed to restore business partner services by the following week. Customers and suppliers maintained contact with Aurubis representatives via telephone as digital communication channels remained impaired. Operational continuity measures included manual documentation and processing workflows to compensate for disabled automated systems. Aurubis refrained from disclosing specific technical details about the attack vector or perpetrator attribution but confirmed no ransomware claims had been substantiated publicly. The company's status as Europe's largest copper producer—with 6,900 employees and annual output exceeding one million tonnes of copper cathodes—highlighted the attack's potential sector-wide implications, drawing parallels to historical incidents like the 2019 LockerGoga ransomware attack against Norsk Hydro. System recovery efforts proceeded without definitive completion estimates as forensic investigations continued in collaboration with law enforcement agencies.