Swiss technology conglomerate ABB confirmed Friday that it is dealing with an “IT security incident” that is affecting some of its officers and systems around the world.
The Black Basta ransomware group attacked the company on May 7, reported BleepingComputer on Thursday night. Multiple anonymous sources told the news outlet that the ransomware attack targeted the company’s Windows Active Directory and affected hundreds of devices.
In a statement to Recorded Future News on Friday, an ABB spokesperson confirmed that it was dealing with a cyberattack but would not say if it involved ransomware.
“To address the situation, ABB has taken, and continues to take, measures to contain the incident. Such containment measures have resulted in some disruptions to its operations which the company is addressing,” the spokesperson said.
ABB works with governments across the globe — including U.S. federal agencies — and provides industrial technology to a range of large manufacturers such as Hitachi and Volvo.
“The vast majority of its systems and factories are now up and running and ABB continues to serve its customers in a secure manner,” the spokesperson said. ABB continues to work diligently with its customers and partners to resolve this situation and minimize its impact.”
The electrical equipment and robotics company reported a revenue of nearly $30 billion in 2022 and has more than 105,000 employees across the globe.
ABB also works closely with the governments of major cities like Ho Chi Minh City; Nashville; Zaragoza, Spain; and Singapore on infrastructure projects.
ABB also noted that it “operates more than 40 U.S.-based engineering, manufacturing, research and service facilities with a proven track record serving a diversity of federal agencies including the Department of Defense, such as U.S. Army Corps of Engineers, and Federal Civilian agencies such as the Departments of Interior, Transportation, Energy, United States Coast Guard, as well as the U.S. Postal Service.”
The Black Basta ransomware group has been behind high-profile attacks on the American Dental Association, German wind farm operator Deutsche Windtechnik and most recently British outsourcing company Capita.
Cybersecurity researchers tied the long-running cybercrime cartel FIN7 to the Black Basta ransomware operation last year.
Jonathan Greig
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.