[BreachExchange] Cyber Incident Knocks Construction Firm Palfinger Offline

[Destry Winant]

https://www.healthcareinfosecurity.com/cyber-incident-knocks-construction-firm-palfinger-offline-a-15849

The Austrian construction equipment manufacturing firm Palfinger AG
reports being hit with a cyberattack that has knocked the majority of
its worldwide IT infrastructure offline.

"Currently, the Palfinger AG and the majority of its sites are the
target of an ongoing global cyberattack with massive effects on its IT
infrastructure," states a notification posted to the company's U.S.
website on Monday.

Palfinger says it does not yet know the extent or full impact of the
attack, or how long it will continue, but it is making an intensive
effort to find a solution.

"For the time being, Palfinger cannot be contacted via e-mail nor can
it receive or process inquiries, orders, shipments and invoices. ­Your
personal points of contact during this phase are only available by
telephone," the company says.

The company did not indicate what type of attack is taking place. But
Brett Callow, threat analyst with the security firm Emsisoft, says:
"Given Palfinger's statement that the attack is affecting multiple
systems and sites, ransomware is the most likely explanation."

Palfinger has more than 11,000 employees spread over 35 locations
worldwide. The company's primary business is the manufacture of
hydraulic lifting, loading and handling systems and cranes.

Palfinger did not immediately reply to Information Security Media
Group's request for additional information about the incident

Manufacturing Under Attack

In another incident in the manufacturing sector, Kawasaki Heavy
Industries reported Monday that, in December 2020, an unknown threat
actor gained access to its internal network through servers located in
an overseas office, with some data possibly being leaked to a third
party, according to a company statement (see: Kawasaki: Cyber Incident
May Have Resulted in Data Loss).

The breach was discovered on June 11 after an internal audit found an
unauthorized connection between a company server in Japan and another
corporate server located in Thailand, the company says. Communication
with the Thai server was immediately severed, but the follow-up
investigation found additional unauthorized connections.

The Japanese auto giant Honda acknowledged in June 2020 that it had
been victimized in a way that affected production operations at
several of its global facilities, including plants in the U.S., Japan,
Turkey and Italy. A hacker accessed and inserted malware into an
internal server at a Honda facility in Japan that eventually spread
throughout the company's network (see: Honda Confirms Hack Attack
Disrupted Global Production).