Skip to content

Search the site

Nordex hacked: Wind turbine giant shuts down IT systems globally

€5.4 billion wind turbine firm attacked months after rival Vestas...

Germany's Nordex Group -- a wind power systems producer which reported €5.4 billion in sales in 2021 -- has shut down IT systems globally in a bid to contain a cybersecurity incident.

Reporting the incident on Saturday, Nordex said that "the intrusion was noted in an early stage and response measures initiated immediately in line with crisis management protocols."

"The incident response team of internal and external security experts has been set up immediately in order to contain the issue and prevent further propagation and to assess the extent of potential exposure. Customers, employees, and other stakeholders may be affected by the shutdown of several IT systems. The Nordex Group will provide further updates when more information is available" it added in a short statement.

Nordex installed 1,619 wind turbines in 22 countries in 2021. It has ~8,600 employees and a manufacturing network that includes factories in Germany, Spain, Brazil, the USA, India and Mexico.

Nordex hacked months after peer Vestas

The incident comes after a November 19, 2021 ransomware attack on Vestas, one of the world's largest wind turbine manufacturers, which crippled systems and saw hackers "compromising and gaining unauthorised access to data stored on Vestas internal file share systems" which they later published.

Vestas restored all systems in under three weeks and said in its latest update on the incident that it had "no indication that the event has impacted customer and supply chain operations..."

As is the norm for many non-technology companies it has not published an incident post-mortem with details on the initial threat vector or other TTPs of the attackers. The Stack has asked if it plans to.

Phishing emails, attacks on exposed RDP and exploitation of unpatched software vulnerabilities remain the top initial ransomware infection vectors, according to a joint advisory — warning of increasing ransomware sophistication — from the UK’s NCSC, US’s CISA and Australia’s ACSC published February 9, 2022.

Sophistication or not, those three routes into organisations remain disturbingly familiar and emphasise the extent to which security hygiene and culture are critical in building a better-defended businesses.

(When it comes to easily brute-forced RDP credentials or other passwords, Microsoft noted this week that in Azure Active Directory its observe 50 million password attacks daily, yet only 20% of users and shockingly just 30% of global admins are using strong authentications such as multi-factor authentication.)

The three agencies — which said that in 2021 they observed an “increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally” — also warned that in the US attackers are moving away from “big game” and redirecting ransomware efforts toward mid-sized victims.

See: PwC’s HSE hack post-incident report should be a textbook