Rheinmetall listed on ransomware victim blog

German automotive and arms manufacturer Rheinmetall was allegedly breached by Russia-linked cybercriminal cartel Black Basta.

Cybercriminals have added Rheinmetall, one of the world’s leading weapons manufacturers, on a dark web blog used to showcase victims. The post included several screenshots of supposedly stolen data, seemingly including a manufacturing equipment blueprint.

We reached out to the company for comment but haven’t received a reply before publishing this article.

Rheinmetall, headquartered in Düsseldorf, Germany, is a major player in the automotive and arms manufacturing business, with controlling stakes at Rheinmetall MAN Military Vehicles and Rheinmetall BAE Systems Land. The company employs over 27,000 people and enjoys over $6 billion in revenue.

Post on Black Basta's leak site. Image by Cybernews.

Earlier this year, Killmilk, leaders of the pro-Russian hacker-collective-turned private military company Killnet, invited supporters to swarm internet protocol (IP) targets, including Rheinmetall’s IT infrastructure in Germany and Australia.

At the time, Rheinmetall’s representative confirmed to Cybernews that the company noted an increased number of requests from the network. However, Rheinmetall’s IT Security team did not notice any serious challenges for the company’s IT infrastructure to continue operating.

On March 4, Rheinmetall’s CEO Armin Papperger said the German manufacturer was mulling setting up a tank factory in Ukraine that could produce as many as 400 Panther tanks a year.

Black Basta first appeared in 2022, hitting dozens of companies in its first few weeks. According to the dark-web monitoring platform DarkFeed, Black Basta has struck 153 organizations since its strain of malware was first discovered.

The gang employs double-extortion tactics to muscle victims into paying a ransom. Cybercriminals that use this model often publish stolen data bit by bit, expecting victims to succumb to internal and external pressure.

Researchers believe that Black Basta operators are associated with the notorious Russia-linked cybercrime gang FIN7, reported in November last year as having been active players in the cyber espionage underworld for around a decade.

More from Cybernews:

Vegas man accused of role in $45m crypto-scam

Mazars Group allegedly breached by BlackCat cybercrooks

AI ‘here to stay’ with tech bosses to invest big as jobs are cut

PyPI briefly paused new users amidst wave of malware

Bezos' Blue Origin lunar lander wins NASA contract

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked