Engineering (Includes Industrial Construction)


Ransomware Attack at Engineering and Construction Company Hiap Seng Industries

July 3, 2024

Hiap Seng Industries, a prominent engineering and construction company, has fallen victim to a ransomware attack that compromised its servers. The company has swiftly taken measures to contain the breach and ensure the continuity of its business operations.

Hiap Seng Industries reported that there has been no material impact on its business operations due to the incident.

read more

McKim & Creed Engineering Firm Suffers Cyberattack

February 11, 2024

Raleigh, North Carolina-based McKim & Creed suffered a cyberattack on its network that disrupted some business aspects.
“On February 11, 2024, McKim & Creed discovered suspicious activity on certain computer systems, resulting in the disruption of certain business functions,” the company said in an advisory last week. “McKim & Creed immediately responded and launched an investigation with outside cybersecurity specialists to confirm the nature and scope of the incident and restore impacted computer systems to full, secure operability.
“Through the investigation, McKim & Creed learned that an unauthorized actor accessed its systems and may have viewed or acquired business data containing certain employee information between December 15, 2023 to February 11, 2024. McKim & Creed conducted a review of the data that was potentially viewed or acquired to determine whether it contained any sensitive information.
“While the review was ongoing, McKim & Creed notified certain impacted individuals of the incident on February 28, 2024. On May 3, 2024, McKim & Creed determined what personal information related to employees and dependents was included in the potentially impacted data set. After determining the scope of information in the potentially impacted files, McKim & Creed undertook efforts to locate address information for the affected individuals, put resources in place to assist, and provide direct notice.”

read more

Data Security Incident at Sierra Lobo (SLI), a US Aerospace Engineering Firm

February 23, 2024

Despite patching a vulnerability in a remote access tool, Fremont, Ohio-based Sierra Lobo, Inc. (SLI), suffered a data security incident the company feels launched before they applied the mitigation.

“Based upon the forensic investigation, this cybersecurity incident commenced through the exploitation of a vulnerability in our remote access tool, ScreenConnect. Despite the immediate application of a patch addressing the identified vulnerability, subsequent investigations suggest that the system remained compromised, indicating that the initial breach occurred prior to the patch application.”

read more

Data Breach at German Mechanical Engineering Company

December 1, 2023

Graebener Bipolar Plate Technologies, a pioneer in the development of manufacturing technologies for bipolar plates reported that. between December 1st, 2023 and December 3rd, 2023, their IT systems were attacked. Parts of their databases were accessed. “All of our employees can still be reached via the usual communication channels (email and telephone). Our production processes are not affected and emergency operations have already been successfully resumed. In the coming weeks we will be strengthening some additional security measures to ensure the stability and integrity of our corporate IT.
[machine translated]

Black Basta Group has claimed responsibility for the attack.

read more

Cyberattack on a mechanical engineering company in Germany

February 24, 2024

Kampf GmbH reported they were the victim of a targeted and criminal cyber-attack on the morning of 24th February 2024, which partially encrypted their IT systems. “We immediately disconnected all external connections and shut down all IT systems. Currently, we are investigating the extent of the attack with the support of external cybersecurity experts and forensic specialists. We have informed all the relevant authorities and are cooperating with them in all matters.”

read more

Cyberattack at Canadian Engineering Giant Contracted for Government Military, Power and Transportation Projects.

March 9, 2023

A Canadian engineering giant whose work involves critical military, power and transportation infrastructure across the country has been hit with a ransomware attack. Details about the ransomware attack are scarce, with Black & McDonald refusing even to confirm it happened.

Canada’s defense department confirmed Thursday that its systems were not affected by a ransomware attack on engineering giant Black & McDonald. “Once DCC was informed of the incident, it blocked all incoming emails from Black & McDonald out of an abundance of caution and conducted business by phone or in person,” Department of National Defense spokeswoman Jessica Lamirande said in a statement. “Once the contractor restored its email system and informed DCC, email communication resumed.”

Black & McDonald also has contracts with the Toronto Transit Commission and Ontario Power Generation — both of which told The Canadian Press they were informed by the company about the ransomware incident.

read more

Ransomware Attack at Slovenian Power Company HSE

November 24, 2023

Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production. HSE is Slovenia’s largest power generation company, accounting for roughly 60% of domestic production, and it is considered critical infrastructure in the country. No ransom demand has been received.

The attack did affect the company’s communication and information infrastructure and, according to Slovenian news outlet 24ur, the websites of some of the power plants were temporarily inaccessible. Unofficial information shared with local media attributes the attack to the Rhysida ransomware gang. If Rhysida is behind the attack, it would also explain why HSE is stating they did not receive a ransom demand, as Rhysida ransom notes only contain an email address to contact the threat actors without specifying any monetary demands.

read more

Cyberattack paralyzes systems at Bauer Group AG

October 30, 2023

The Bavaria-based civil engineering specialist, Bauer Group, was the victim of a cyber attack. Various systems were shut down or switched off as a precautionary measure. The websites were still down on Wednesday. This results in restrictions for the business partners of Bauer companies worldwide.

Update 10 Nov:
Following the attack on the IT infrastructure, the Group’s business can continue in most areas, even with restrictions in one place or another. “Our construction sites in the Geotechnical Solutions and Resources segments are continuing to operate, we can also deliver equipment and Sales and Materials Management can also continue to work. To this end, we have switched many digital processes back to manual processes over the past week. Our solvency has also not been affected by the attack,” says Peter Hingott, Executive Board member of BAUER AG.

However, as there are individual areas of the company that are severely restricted, such as machine production and associated teams, the response in these areas is to reduce working hours and bring forward vacations. There are also plans to use short-time working for these areas where necessary. “What we have achieved in the last two weeks is a great achievement.” “We continue to ask our business partners for understanding and patience if there are currently delays or problems in our cooperation,” says Peter Hingott.

read more

2020 Phishing Email Cost UK Interserve more than £11M

May 8, 2020

Hackers stole sensitive details on 100,000 people from an outsourcing company named Interserve. The Phishing campaign attackers are unknown and the company offered no additional information. The data stolen is sensitive, including employee names and their addresses, bank details, payroll information, HR records, pension information and much more.

Update August 2023: The Information Commissioner fined Interserve £4.4m in autumn 2022. Interserve was once a FTSE 250 firm but has largely been broken up after collapsing into administration four years ago. Its latest accounts reveal that it spent £7m on ‘professional adviser fees’ following the attack.

read more

Australian Infrastructure Services Provider Takes Down Systems

July 8, 2023

The Australian infrastructure services provider Ventia says a cyberattack on the weekend of July 8 and 9 is contained. The attack on the Sydney-headquartered essential infrastructure services provider caused it to take key systems offline. However, in a July 12 statement, Ventia says its key internal systems have been safely re-enabled and external-facing networks are systematically being restored. Ventia is giving little away about the nature of the cyberattack, but the company’s decision to shut down its systems is a characteristic response to a ransomware-style attack.

An APAC Analyst Technical Director at DarkTrace says some of Ventia’s systems were offline for at least three days and switching off services would significantly impact customers. “Ventia are an important pillar in the management of critical infrastructure. They operate sites across Australia and New Zealand on behalf of defence, electricity, gas, and water companies,”

read more