Nordex Hit by Cyberattack, Shuts Down IT Systems Across Global Operations
German wind turbine manufacturer Nordex has taken its IT systems offline following a cyberattack detected on 31 March. The company swiftly assembled an incident response team comprising internal and external security experts to contain the breach, prevent further spread, and assess potential exposure. In a 2 April statement, Nordex confirmed the attack was identified early, prompting a precautionary shutdown of systems across multiple locations and business units. The disruption may impact customers, employees, and other stakeholders, though no additional details have been disclosed.
The incident follows a pattern of cyber threats targeting the renewable energy sector. In November 2021, Danish turbine manufacturer Vestas suffered a ransomware attack by the Lockbit group, which later leaked stolen data on the dark web. Unlike politically motivated attacks, Lockbit has maintained an apolitical stance, stating its sole focus is financial gain. Meanwhile, Enercon experienced collateral damage in February 2022 when a cyberattack on European satellite systems linked to Russia’s invasion of Ukraine disabled remote monitoring for nearly 6,000 turbines (11GW capacity). Unlike Enercon’s case, it remains unclear whether Nordex’s breach was opportunistic or a targeted ransomware attack.
The wind power industry has increasingly become a target for cyber threats, with the International Energy Agency (IEA) identifying such attacks as a major risk to renewable energy infrastructure. Insurers like GCube have also warned of rising cyber vulnerabilities, particularly during periods of operational disruption. As investigations into the Nordex incident continue, the broader sector faces growing pressure to bolster defenses against evolving cyber risks.
Vestas cybersecurity rating report: https://www.rankiteo.com/company/vestas
Nordex Group cybersecurity rating report: https://www.rankiteo.com/company/nordex
"id": "VESNOR1780527378",
"linkid": "vestas, nordex",
"type": "Ransomware",
"date": "4/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Renewable Energy (Wind Turbines)',
'location': 'Global',
'name': 'Nordex',
'type': 'Company'}],
'date_detected': '2023-03-31',
'date_publicly_disclosed': '2023-04-02',
'description': 'German wind turbine manufacturer Nordex has taken its IT '
'systems offline following a cyberattack detected on 31 March. '
'The company swiftly assembled an incident response team '
'comprising internal and external security experts to contain '
'the breach, prevent further spread, and assess potential '
'exposure. The disruption may impact customers, employees, and '
'other stakeholders.',
'impact': {'operational_impact': 'Disruption to operations, potential impact '
'on customers, employees, and stakeholders',
'systems_affected': 'IT systems across multiple locations and '
'business units'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2023-04-02',
'source': 'Nordex Public Statement'},
{'source': 'International Energy Agency (IEA)'},
{'source': 'GCube Insurance'}],
'response': {'communication_strategy': 'Public statement on 2 April',
'containment_measures': 'IT systems shutdown across multiple '
'locations and business units',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'External security experts'},
'stakeholder_advisories': 'Customers, employees, and stakeholders may be '
'impacted',
'title': 'Nordex Cyberattack and IT Systems Shutdown',
'type': 'Cyberattack'}