Cyber Incident Victim: Wisag
Date:
Feb 2023
Location:
Germany
Summary
A Frankfurt-based facility management and industrial services company experienced a second cyberattack, prompting an immediate shutdown of all IT systems following detected server irregularities. The disruption rendered the corporate website and email communications inaccessible, though operational business activities continued. This incident occurred approximately one year after a prior attack that severely disrupted workflows for about a week, including delayed payroll processing affecting 55,000 employees. The organization stated it had invested in cybersecurity improvements following the initial breach and initiated system restoration efforts promptly, expressing confidence in a swift recovery while asserting no evidence of customer or internal data exfiltration at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 7, 2023, the Frankfurt-based WISAG service conglomerate experienced its second major cyberattack in approximately one year, forcing an immediate shutdown of its IT infrastructure. The company’s IT department detected unspecified "irregularities" on its servers that morning, prompting a precautionary disconnection of all systems and applications from the internet. This action rendered WISAG’s corporate website inaccessible and disrupted email communications across the organization. Despite the IT outage, the company maintained continuity in its core operational activities, which span facility management, industrial services, and airport operations. The incident occurred almost exactly one year after WISAG’s initial February 2022 cyberattack, which had caused significant operational disruptions lasting approximately one week. During the prior incident, payroll systems were compromised, resulting in delayed salary payments to 55,000 employees. Following the 2022 attack, WISAG had publicly committed to strengthening its cybersecurity posture through targeted investments, though specific security enhancements were not detailed in available reports.
WISAG initiated system recovery efforts immediately after isolating affected infrastructure, expressing confidence in restoring operations promptly. Company representatives stated no evidence indicated unauthorized exfiltration of customer or internal data as of the initial assessment phase. The firm emphasized its refusal to negotiate with threat actors, echoing CEO Michael Wisser’s 2022 declaration rejecting ransom demands. Operational impacts from the 2023 incident appeared less severe than the previous attack, with no immediate reports of payroll disruptions or extended service interruptions. The family-owned enterprise, which reported €1.2 billion in annual revenue prior to the incident, maintained public assurances regarding its recovery timeline while withholding technical details about the attack vector or perpetrator identity. "We are optimistic about restoring all systems securely at the earliest possible timeframe," the company stated in its official communication regarding remediation progress.