Gedia Automotive Group

Gedia Automotive Group is an automotive group headquartered in Germany. It operates internationally, with facilities in multiple countries. The group is involved in the automotive sector, as indicated by its alias. Specific product lines or services are not detailed in the source material.

In January 2020, the company experienced a ransomware attack by the Sodinokibi (REvil) group. The attack forced a shutdown of central IT infrastructure, halted administrative operations, and led to employees being sent home. Over 50 gigabytes of sensitive data, including blueprints, employee details, and client information, were exfiltrated. The attackers also extracted Active Directory credentials using the ADRecon tool. The incident affected the company's international facilities and required external security assistance, with a projected recovery time of weeks to months.

The exfiltration of blueprints indicates the group handles proprietary engineering design data. The theft of employee and client information shows the group stores personal and commercial data. The compromise of Active Directory credentials highlights the reliance on internal identity management systems. These facts demonstrate the group's dependence on digital systems for design, operations, and client relations, and its exposure to cyber threats targeting intellectual property and operational continuity.