Conti claims responsibility for targeting German wind turbine manufacturing giant Nordex

German wind turbine manufacturer Nordex Group, one of the country’s major critical infrastructure utilities, suffered a major cyber security incident in late March that disrupted daily operations.

The Nordex Group is among the world’s largest wind turbine manufacturers, employing more than 8,500 people worldwide and specializing in the development, manufacture and management of onshore wind turbines for over 35 years.

In a statement posted in its website, the wind turbine manufacturing company said that its IT team identified a security incident on March 31, following which it promptly initiated security protocols and various IT systems across different business units were taken offline.

“The intrusion was noted in an early stage and response measures initiated immediately in line with crisis management protocols. As a precautionary measure, the company decided to shut down IT systems across multiple locations and business units,” Nordex said.

Nordex confirmed that to mitigate the impact of the cyber attack, regular remote access for turbines under contract were disabled and alternative remote control services were implemented for most of the fleet.

“To safeguard customer assets, remote access from Nordex Group IT infrastructure was disabled for turbines under contract.  As part of immediately initiated business continuity measures, alternative remote control services have been set-up and are now successfully implemented for most of the fleet,” it added.

The company is working closely with relevant authorities and internal and external IT experts to understand the scope of the incident. Preliminary investigation suggested that the impact of the incident was limited to the company’s internal IT systems. “There is no indication that the incident spread to any third-party assets or otherwise beyond Nordex’ internal IT infrastructure,” it said in another statement issued on April 12.

“While investigations are ongoing, the company is continuing to restore its IT systems such as to enable business continuity and resume normal operations as soon as reasonably practicable.”

According to Brett Callow, a threat analyst at Emsisoft, the Conti ransomware gang, which recently announced support for Russia following the invasion of Ukraine, has claimed responsibility for targeting the Nordex Group with ransomware.

twitter.com/BrettCallow/status/1514715780377575427/

The ransomware gang, which ranked among the top five most prolific ransomware-as-a-service operators in the past two years, recently posted a screenshot in its website to confirm that the cyber attack on the Nordex Group was its doing.

Incidentally, Deutsche Windtechnik AG, another German company specializing in the operation and maintenance of wind turbines, suffered a cyber attack on or just before April 12. In response, the company had to quickly shut down all computers and sever connections to external systems. 

According to German media outlet buten un binnen, the cyber attack struck the company’s server facility in Rendsburg, resulting in a complete network shutdown and limited communication with operational wind turbines. It is not known yet if the Conti ransomware gang is responsible for this incident as well.

Commenting on the security incident suffered by the Nordex Grouo, Chris Hauk, Consumer Privacy Advocate at Pixel Privacy said, “We will continue to see an increase in attacks like this. While this attack was apparently detected in its early stages, with the company apparently able to respond and deter the attack, there are likely thousands of companies that have been attacked without their knowledge. This will likely lead to more reports like this in the near future.

“Organizations need to invest in countermeasures against attacks like this, educating employees, running system scans, and keeping operating systems and apps up to date,” he added.