German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack

Rheinmetall confirmed on Monday that the Black Basta ransomware group was behind a cyberattack it detected last month.

A spokesperson for the German automotive and arms manufacturer told The Record that the company was “continuing to work on resolving” the attack.

The attack coincided with reports that Rheinmetall was in talks about constructing a new tank factory in Ukraine.

Rheinmetall’s spokesperson stressed that the incident, which was detected on April 14, only affected the company’s civilian business, which operated using “strictly separated IT infrastructure.”

Rheinmetall’s military business has become a critical part of the war in Ukraine, with the company securing several contracts to provide the Ukrainian armed forces with ammunition and reconnaissance systems.

The company is also a key supplier of guns used on the Leopard tank, dozens of which have been sent to Ukraine by several European nations to aid in its counteroffensive.

Ukraine also relies on Rheinmetall’s production of 155mm caliber artillery shells, which are currently in short supply in the West.

A spokesperson for Rheinmetall said that the company has informed the relevant authorities following the incident, and has “filed a criminal complaint with the Cologne public prosecutor's office.”

The Black Basta ransomware group has been behind high-profile attacks on the Swiss tech giant ABB, the American Dental Association, German wind farm operator Deutsche Windtechnik and the British outsourcing company Capita.

Cybersecurity researchers tied the long-running cybercrime cartel FIN7 to the Black Basta ransomware operation in a report published late last year.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.