SOCRadar® Cyber Intelligence Inc. | Top 5 Cyber Attacks Targeting DACH Region in 2021


Dec 20, 2021
4 Mins Read

Top 5 Cyber Attacks Targeting DACH Region in 2021

Germany, Austria, and Switzerland (DACH) region, home to many giant companies with advanced IoT and artificial intelligence technologies, has been under significant cyber threats in recent years.  

Among these threats, while mobile vulnerabilities stood out until a few years ago, by 2021, ransomware and state-sponsored group activities are heavily threatening the DACH region. 

The COVID-19 pandemic disrupted DACH enterprises and has been a catalyst to accelerate their digital transformation journeys, according to the 2021 Gartner CIO Survey. However, this rapid transformation brings forth new vulnerabilities and weaknesses targeted by threat actors

Following is a round-up of major cyber security incidents in 2021. 

1) Leading Engineering Firm Palfinger Targeted in Global Cyberattack

At the beginning of 2021, an Austria-based crane maker firm, Palfinger, experienced a cyber-attack taking down their email system and disrupting business operations. The manufacturer firm Palfinger notified customers that their IT infrastructure suffered severe corruption due to an ongoing global cyber-attack.  

While the victim organization has shared limited information about the incident, they state the attack disordered their email and enterprise resource planning (ERP) systems enabling the firm to manage its main business processes. The victim company, operating in almost 30 countries with over 11 thousand employees, stated that the threat actors have partly encrypted data on several IT systems, verifying that this was a ransomware incident. 

Palfinger AG, the giant manufacturer of lifting systems, has posted a statement on its home page confirming it was currently under attack by hackers.

2) Ghostwriter Campaign Continues in 2021

Allegedly Russia-linked hackers orchestrated a cyberattack against dozens of German policymakers. The hackers were believed to belong to the campaign entitled “Ghostwriter,” reportedly linked to Russia’s military intelligence service (GRU). The criminals targeted at least seven members of the federal parliament (Bundestag) and another 31 state lawmakers. While the hackers reportedly utilized phishing emails and fake messages designed to appear reliable, it is unclear whether data leaked.  

Ghostwriter campaign, which is believed ongoing since 2017, mainly targeted audiences in Lithuania, Latvia, and Poland by publishing formed content that promoted an anti-NATO agenda. The campaign regularly used fake email accounts and websites to spread false news. 

3) Ransomware Hits Swiss Consumer Outlet Comparis

In the first week of July, leading Swiss price comparison firm Comparis which has 80 million visits a year, was shut down by a ransomware group demanding CHF 370 thousand in cryptocurrencies. The victim firm has informed customers of a data breach after the ransomware attack that hit and took down the company’s entire network.  

The Comparis Group reported the attack to the Swiss law enforcement executives and the Swiss Federal Data Protection Commissioner with their cybercrime experts to investigate the incident. During the investigations, it was discovered that the ransomware group behind the attack could gain access to and likely steal user data collected on Comparis’ systems. 

4) German Cyber-Security Watchdog Confirmed the Cyber-Catastrophe  

In July 2021, a district council in eastern Germany declared a disaster after its computer systems were paralyzed by a ransomware attack in what the federal cyber-security watchdog confirmed was the country’s first-ever “cyber-catastrophe.”  

After the ransomware attack, numerous servers of the district authority were affected, limiting access to data and services, and the district administration has asked for help from the German armed forces, Bundeswehr. Although the ransomware attackers were asking for a ransom for decrypting the encrypted data, the district declined to comply.  

The attackers shared some of the stolen data on the dark web marketplace following the incident. While the identity of the ransomware group and how the district was infected is unclear, the attackers could exploit a security gap in the Windows printing function. 

5) Chemical Giant Got Hit by $4.4 Million Ransomware Attack

In early May, the DarkSide ransomware group demanded a $4.4 million Bitcoin ransom in a cyberattack on Brenntag’s North American division. The threat actors reportedly gained access to the corporate network after purchasing stolen credentials from another entity, and they claimed to have 150 GB of stolen data with the attack. 

The Essen-based chemical distribution firm paid the ransom to take a decryptor for their encrypted files and prevent the ransomware group from leaking their information.  

Click here to read the top 5 cyberattacks in Latin America in 2021.

Click here to read the top 5 cyberattacks in the cryptocurrency and blockchain fields in 2021.

Discover SOCRadar® Free Edition

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets.
Try for free