Cyber Incident Victim: Hettich Unternehmensgruppe
Date:
Aug 2022
Location:
China
Summary
A cyberattack targeted the Chinese subsidiary of Hettich, prompting IT specialists within the organization and external experts to work continuously to repel the intrusion and strengthen system security measures. While full restoration of IT system access remains pending, local production in China continues unaffected, and no other group entities were compromised. Customer deliveries outside China face no disruptions. Protecting sensitive data remains the highest priority, with the company planning additional technical and organizational measures to further mitigate security risks following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around August 1, 2022, Hettich's subsidiary in China experienced a cyberattack that disrupted access to certain IT systems. The parent company’s IT specialists, supported by external cybersecurity experts, immediately initiated around-the-clock efforts to repel the attack and reinforce system security measures. While containment and remediation activities were underway, the subsidiary could not immediately restore full access to all affected IT infrastructure. The timeline for complete system recovery remained uncertain at the time of reporting. Despite these operational disruptions, local manufacturing operations in China continued without interruption, maintaining production output. No other subsidiaries within the Hettich corporate group were impacted by the incident, according to available information.
The attack prompted Hettich to prioritize the protection of sensitive data as its highest concern throughout the response. While the company confirmed its supply chain’s ability to fulfill orders for customers outside China remained unaffected, it announced plans to implement additional technical and organizational security measures following the incident. These planned enhancements aimed to further minimize future cybersecurity risks across the organization. The incident remained confined to the Chinese subsidiary’s systems, with no reported lateral movement to other regional or global operations. Hettich did not disclose specific details regarding the attack vector, data compromise, or threat actor attribution in its initial public statement.