ABB, a Swiss electrification and automation technology company, fell victim to a Black Basta ransomware attack that affected its business operations. The attack occurred on May 7, 2023, and impacted the company’s Windows Active Directory, with hundreds of devices infected.
Some projects were delayed, and the attack had an impact on ABB’s factories. To prevent the spread of the threat, ABB closed VPN connections with its customers.
The Black Basta ransomware group, known for its double-extortion attack model, has been active since April 2022. Researchers have linked the group to the financially motivated hacking group FIN7.
The attack chain typically starts with a QBot infection, followed by the use of Cobalt Strike for post-exploitation, and ends with the deployment of the Black Basta ransomware. The group has previously targeted other companies, including the UK outsourcing giant Capita.
In the Capita incident, which occurred in April 2023, the cyberattack primarily impacted access to internal Microsoft Office 365 applications. While some services provided to individual clients were disrupted, the majority of client services remained unaffected.
The attack on ABB highlights the increasing threat posed by ransomware groups and the need for robust cybersecurity measures to protect critical infrastructure and sensitive data.