German manufacturer says malware has caused ‘significant disruption’ to plants in three countries

Parent company Rheinmetall Group said it expects to lose 3 to 4 million euros per week, starting next week.
Rheinmentall Group
Rheinmetall Automotive said in a statement it has been grappling with “malware attacks.”(Reuters)

A malware infection at German car parts manufacturer Rheinmetall Automotive has caused “significant disruption” to production at company plants in Brazil, Mexico, and the United States, the company disclosed Thursday.

Rheinmetall Group, the manufacturer’s parent company, said it expects to lose 3 to 4 million euros, or $3.28 to $4.38 million, per week due to the incident, starting next week. Rheinmetall Automotive provides top car manufacturers with auto parts such as pistons, engine blocks, and emissions control equipment, according to its website. Rheinmetall Group’s IT systems outside of plants in those three countries do not appear to be affected, the company said.

Since late Tuesday, Rheinmetall Automotive said in a statement, it has been grappling with “malware attacks” and the “length of the disruption cannot be predicted at this time. The most likely scenarios suggest a period lasting between two and four weeks.”

Shares in the company dropped early Friday on the heels of the incident.


A spokesperson for Rheinmetall Automotive could not be reached for comment on the type of malware deployed and who the suspected attacker was.

Manufacturers have in some cases opened up more avenues for hackers by embracing digitization in recent years, observers say. The sector is also saddled with legacy devices that aren’t properly secured, according to David Wolf, principal security researcher at cybersecurity company Forescout.

Among the sectors the Forescout tracks, Wolf  said, “manufacturing has a significant ratio of unmanaged Windows devices, and the highest ratio of unknown, unclassified devices, partly because manufacturing firms use a lot of legacy, embedded technology that’s sensitive to active inspection.”

One of the most impactful recent cybersecurity incidents in the manufacturing sector occurred at Norsk Hydro, a top aluminum producer. In March, Norsk Hydro was hit with malware that forced the company to temporarily stop some production and switch to manual operations in some areas.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts