Arms maker Rheinmetall confirms BlackBasta ransomware attack – Source: www.bleepingcomputer.com

German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business.

Rheinmetall is a German manufacturer of automotive, military vehicles, armaments, air defense systems, engines, and various steel products, which employs over 25,000 people and has an annual revenue of over $7 billion.

On Saturday, May 20th, 2023, BlackBasta posted Rheinmetall on its extortion site along with samples of the data the hackers claimed to have stolen from the German company.

The published data samples include non-disclosure agreements, technical schematics, passport scans, and purchase orders.

Responding to a request for a comment on the authenticity of the leaked data and network breach claims, a Rheinmetall spokesperson has confirmed the attack, clarifying that it only impacts its civilian department.

“Rheinmetall is continuing to work on resolving an IT attack by the ransomware group Black Basta. This was detected on 14 April 2023. It affects the Group’s civilian business.

Due to the strictly separated IT infrastructure within the Group, Rheinmetall’s military business is not affected by the attack.” – Rheinmetall

Moreover, the company stated that it had informed the relevant law enforcement authorities and filed a criminal complaint with the Cologne public prosecutor’s office.

Rheinmetall holds an important role in providing aid to Ukraine and recently upgraded its ties with a state-owned tank manufacturer in Ukraine by launching a new strategic cooperation program.

Recent BlackBasta activity

The BlackBasta ransomware gang launched its operations in April 2022 and has had multiple successful breaches against high-profile entities recently.

On May 07th, 2023, the threat group announced an attack against leading electrification and automation technology provider ABB.

In April 2023, BlackBasta breached the Canadian directory publisher Yellow Pages Group, stealing sensitive documents and data in the process.

On March 22nd, 2023, the threat actors infiltrated the corporate network of Capita, a British outsourcing giant contracted by multiple departments of the UK’s government and the army.

Later, on May 13th, Capita warned its customers that they should assume BlackBasta compromised their data.