German automotive and arms manufacturer Rheinmetall has confirmed that it was targeted in a cyberattack last month by the Black Basta ransomware group. The attack, detected on April 14, coincided with reports of Rheinmetall’s involvement in discussions regarding the construction of a new tank factory in Ukraine.
While the incident only impacted Rheinmetall’s civilian business, the company’s military division plays a crucial role in supplying ammunition, reconnaissance systems, and guns for the Ukrainian armed forces.
Rheinmetall’s spokesperson emphasized that the affected business operated on a strictly separated IT infrastructure. As a key supplier of weaponry for the Ukrainian military, Rheinmetall’s products, including guns for the Leopard tank and 155mm caliber artillery shells, are in high demand to support Ukraine’s counteroffensive efforts.
In response to the cyberattack, Rheinmetall has taken steps to inform relevant authorities and has filed a criminal complaint with the Cologne public prosecutor’s office.
The Black Basta ransomware group has gained notoriety for its high-profile attacks on various organizations, including the Swiss tech giant ABB, the American Dental Association, German wind farm operator Deutsche Windtechnik, and British outsourcing company Capita.
In a report published last year, cybersecurity researchers linked the Black Basta group to the long-running cybercrime cartel FIN7. Rheinmetall is actively working to resolve the attack and mitigate its impact on the company’s operations.