Cyber Incident Victim: Kampf GmbH
Date: Feb 2024
Location: Germany
Summary
Kampf GmbH experienced a targeted cyber attack involving partial encryption of its IT systems, prompting immediate disconnection of external connections and system shutdowns. External cybersecurity experts and forensic specialists are assisting the investigation, authorities have been notified, and cooperation is ongoing. Data extraction has not been ruled out, so business partners were advised to scrutinize communications. Most affected group companies have resumed normal operations, the exceptions being Kampf GmbH and Atlas Converting Equipment Ltd. Secure email, Teams, and job portal access were restored following independent security reviews, and general caution against phishing was reiterated.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of February 24, 2024, Kampf GmbH experienced a targeted criminal cyber-attack involving specialized software that partially encrypted its IT systems. The company responded immediately by disconnecting all external connections and shutting down its entire IT infrastructure to contain the breach. External cybersecurity experts and forensic specialists were engaged to investigate the scope and impact of the incident, with authorities notified and cooperation initiated. Kampf GmbH publicly acknowledged the possibility that attackers had extracted data from its systems, advising business partners to scrutinize emails originating from Kampf Group addresses for suspicious content and to verify communications via telephone if necessary. Initial recovery efforts prioritized restoring secure communication channels, with email and Microsoft Teams functionality declared safe for external use by February 29 following validation by two independent external cybersecurity service providers. The company's job portal also resumed normal operations on this date, though operational delays persisted due to ongoing remediation work.

By March 4, 2024, all Kampf Group companies except Kampf GmbH and subsidiary Atlas Converting Equipment Ltd. had returned to normal operations, with other Jagenberg Group entities unaffected. The company reiterated that validated secure communications channels were operational for Kampf GmbH and Atlas Converting Equipment, while cautioning partners about general phishing risks unrelated to the incident. On March 14, Kampf GmbH expanded its declared secure contact methods to include telephone, email, Teams, remote service tools, and the my@advanced customer portal, directing partners to established contacts for additional verification. Throughout the incident, the organization maintained periodic public updates on restoration progress but did not disclose technical details regarding the attack vector, encryption methodology, or specific compromised systems. No quantitative data regarding data exfiltration or financial impact was disclosed in the provided updates.
