Nordex says cyber incident limited to internal IT infrastructure, wind turbine farms unaffected
Wind turbines manufacturing giant Nordex Group this week announced that it is still working on restoring systems after a crippling cyberattack on March 31.
The incident was publicly disclosed in early April, when the company announced that it shut down “IT systems across multiple locations and business units” to contain the issue.
The company also said that the cyberattack was detected in its early stages, and that it immediately set up an incident response team to investigate and address the breach.
On Tuesday, the wind turbine maker published an updated incident notification, saying that it was still working on restoring systems to “enable business continuity and resume normal operations as soon as reasonably practicable.”
However, the company also announced that, while it disabled remote access from its infrastructure for turbines under contract, wind turbine farms were not affected by the attack and continued to operate normally.
“Nordex turbines continued operating without restrictions and wind farm communication with grid operators and energy traders was and remains unaffected,” the company announced.
Furthermore, Nordex announced that it has implemented alternative remote control services for most of its fleet, to ensure business continuity.
The investigation conducted by the company’s emergency response team in collaboration with relevant authorities has shown that only internal systems within Nordex’s environment were affected by the attack.
“Preliminary results of the analysis suggest that the impact of the incident has been limited to internal IT infrastructure. There is no indication that the incident spread to any third-party assets or otherwise beyond Nordex’ internal IT infrastructure,” the company announced.
It’s still unclear if ransomware was involved in the incident.
Ionut Arghire is an international correspondent for SecurityWeek. Previous Columns by Ionut Arghire:Tags: