Cyber Incident Victim: AKG Gruppe

Date: Jul 2024

Location: Germany

Summary

AKG experienced a significant cyberattack that disrupted its global IT infrastructure and forced a system-wide shutdown, temporarily halting production across multiple facilities, including its headquarters. Email communication broke down, requiring alternative methods like messaging apps and phones, while payroll and supplier payments remained unaffected with no data loss reported. The company engaged law enforcement, IT forensics, and data protection authorities to investigate the breach and kept servers offline to prevent malware spread. Recovery efforts include establishing isolated "green zones" to securely migrate validated data and restore operations, with ongoing updates provided through the company website and direct contacts.

Description

On July 2, 2024, AKG, a global manufacturer of high-performance coolers and heat exchangers headquartered in Hofgeismar, Germany, experienced a significant cyberattack disrupting its IT infrastructure. The incident was first detected at AKG's India facility when employees could no longer log into their computers, with subsequent reports confirming similar issues across multiple international locations. This pattern indicated a coordinated attack, prompting AKG's immediate shutdown of all servers to contain malicious software propagation.

The defensive measure caused widespread operational disruptions, including temporary production halts at all eleven manufacturing sites across Europe, North America, South America, and Asia. Hofgeismar's headquarters experienced complete production suspension due to IT system deactivation, though manufacturing resumed within days once critical production control data was verified as uncompromised.

Communication systems collapsed when email servers were taken offline, forcing employees to use messenger services, landline telephones, and even a reactivated fax machine for critical operations. External communications with customers and suppliers faced severe limitations during this period. While payroll systems remained functional—ensuring uninterrupted salary payments and social security contributions—accounts payable operations experienced delays, though company leadership guaranteed all supplier invoices would eventually be settled without defaults.

AKG initiated a multi-phase response beginning with infrastructure isolation and notification to the Hessian State Criminal Police Office's Cybercrime Unit in Kassel, alongside relevant data protection authorities. Digital forensics experts were engaged to analyze compromised systems, determine the attack vectors, and identify the perpetrators, though the investigation remains ongoing with no attribution confirmed.

Internal IT teams prioritized creating segmented "green zones"—sanitized network areas receiving cleansed data from contaminated "red zones" after thorough malware screening. This migration process occurred while core servers remained disconnected as a precaution against residual threats. The company deployed a new global email system to restore external communications, though full IT restoration timelines were unspecified.

Public statements confirmed no evidence of permanent data loss from production systems but acknowledged that potential data exfiltration remains under assessment, with commitments to notify affected parties if breaches are confirmed. Business continuity measures allowed gradual production resumption across all facilities despite lingering IT limitations, with customer and supplier updates provided through alternative channels and corporate website announcements.