ABB, a multinational industrial tech company specializing in electrification and automation, has confirmed that certain locations and services were impacted by an “IT security incident.”
The industrial tech behemoth, with a reported revenue of $29.4 billion in 2022, said the company’s cybersecurity team is working to resolve the issue.
“ABB recently detected an IT security incident that directly affected certain locations and systems. To address the situation, ABB has taken, and continues to take, measures to contain the incident,” an ABB representative told Cybernews.
The company claims that enacted containment measures disrupted some of its operations, and ABB is addressing the issue. However, it stressed that most of its “systems and factories are now up and running, and ABB continues to serve its customers in a secure manner.”
ABB enjoys a global presence, with operations on every continent, apart from maybe Antarctica. One arm of the company’s vast business empire develops industrial control systems (ICS). ICS is a critical part of the modern manufacturing system and a juicy target for state-sponsored and financially motivated threat actors.
“ABB continues to work diligently with its customers and partners to resolve this situation and minimize its impact,” the company, with a staff exceeding 100,000 employees, said.
The company’s customer list includes several prominent names such as Volvo, Hitachi, cities Zaragoza and Nashville, PKN Orlen, Roboship, and many others.
The company supposedly fell victim to a ransomware attack by the Russia-linked cybercriminal group Black Basta as first reported by Bleeping Computer. However, ABB did not confirm that was the case to Cybernews, and the company’s name is absent from Black Basta’s leak site, a dark web blog where cybercriminals post their latest victims.
Black Basta first appeared in 2022, hitting dozens of companies in its first few weeks. According to the dark-web monitoring platform, DarkFeed, Black Basta has struck 153 organizations since its strain of malware was first discovered.
The gang employs double-extortion tactics to muscle victims into paying a ransom. Cybercriminals that use this model often publish stolen data bit by bit, expecting victims to succumb to internal and external pressure.
Researchers believe Black Basta operators are associated with the notorious Russia-linked cybercrime gang FIN7, reported in November last year as having been active players in the cyber espionage underworld for around a decade.
