Cyber Incident Victim: u-blox
Date:
Oct 2022
Location:
Switzerland
Summary
A global technology leader in wireless and positioning solutions experienced a ransomware attack that disrupted several internal IT systems, though production operations remained unaffected. The incident was promptly detected and contained, with no compromise of customer data or intellectual property reported. While the company's service platforms stayed functional, ERP system outages caused shipment delays, with recovery efforts nearing completion. External cybersecurity experts were engaged to conduct forensic reviews and develop mitigation plans, and relevant authorities were involved to investigate the attack and pursue legal action. The organization credited its IT team's swift response and resilient infrastructure for maintaining operational continuity throughout the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 24, 2022, u-blox detected and contained a ransomware cyberattack targeting its internal IT systems. Suspicious activities prompted immediate inhibition measures by the company’s IT team, preventing further escalation. The attack caused outages across several internal systems, including the enterprise resource planning (ERP) platform, though production lines remained operational throughout the incident. u-blox confirmed no compromise of customer data or intellectual property based on preliminary forensic findings. Service delivery platforms and public-facing websites maintained full functionality, ensuring continued customer access to critical resources. The company prioritized restoring affected systems, with recovery efforts described as "far advanced" by October 28, 2022.
The ERP disruption created logistical challenges, potentially delaying product shipments. u-blox projected normal delivery resumption by November 1, 2022, following system restoration. External cybersecurity experts were engaged to conduct comprehensive forensic analysis and develop protection strategies alongside internal teams. Relevant authorities were notified to support investigation and potential prosecution of the attackers. CEO Thomas Seiler attributed operational continuity during the incident to rapid IT response and inherent system resilience, emphasizing maintained production capabilities and data security. The company implemented mitigation plans to reduce risks to stakeholders while continuing recovery operations.