Cyber Incident Victim: Homag Group
Date: Feb 2023
Location: United States of America
Summary
Homag Group, a subsidiary of Dürr AG, experienced a cyberattack in which threat actors gained partial access to systems at an American division; no data was compromised because the IT infrastructure was proactively shut down. While the parent company's primary systems in Bietigheim-Bissingen detected and thwarted a simultaneous intrusion attempt, both incidents required mandatory password resets for employees and ongoing security reviews. The organization confirmed no encryption of data, loss of control, or significant financial impact from either breach, with no evidence linking the two attacks. Normal operations resumed following containment measures.
Description
In early February 2023, Dürr AG detected a hacking attempt targeting its IT systems at its Bietigheim-Bissingen headquarters. The company's IT specialists promptly identified the intrusion effort and implemented countermeasures before attackers could encrypt data or gain control of systems. According to corporate spokesperson Mathias Christen, the attempted breach was unsuccessful, with no operational disruption or data compromise occurring. Dürr notified all employees about the incident and mandated company-wide password changes as a precautionary measure. Normal business operations continued without interruption following the incident. Christen emphasized that the attackers failed to achieve any significant foothold within Dürr's infrastructure during this attempt.

Simultaneously, attackers targeted Homag Group, an American subsidiary of Dürr AG, in a separate incident. While Christen confirmed no connection between the two events, the Homag attack proved more impactful, with hackers advancing further into systems than in the attack on the parent company. Homag personnel prevented data exfiltration or encryption by proactively shutting down affected IT systems. Ongoing security audits were being conducted at the time of reporting to assess potential vulnerabilities. Despite the more extensive system access, Christen stated no data loss occurred and no substantial economic damage resulted from either incident. Both organizations maintained operational continuity following containment measures, with Homag's systems remaining offline temporarily during forensic examination.
