Germany Electric Cyber-Attack

The German site of the company Hanwha Qcells, which offers solar systems and electricity, among other things, has suffered a cyberattack. According to a customer letter obtained by heise online, the attack on the company's IT systems occurred on 14 July 2024. Hanwha Qcells has not yet responded to an inquiry from heise online about the incident. They replied, “We will provide a statement as soon as it is available.”

In the attack, unknown third parties allegedly succeeded in gaining access to parts of the customer and business partner database. Personal data of customers and business partners has been leaked. The company is currently working on restoring its systems.[1]

Early in August, cyber criminals published an entry on their dark web site and threatened to publish Hanwha Qcells' data on 9 August. It is not yet known how many customers are affected by the data leak. The cyber criminals offer a total of 5.4 TByte of data on their leak site.

Data from Qcells is available for download.

The group "Abyss" is behind the attack.  The leaked data may include names, addresses, telephone numbers, email addresses, passwords and account details.  The German State Office of Criminal Investigation and the State Commissioner for Data Protection of Saxony-Anhalt are investigating. 

Phishing attacks - As a result of the attack, those affected in Germany should be particularly vigilant and change their passwords both in the online store and in the "Q Partner Portal", as well as on any other platform where the same password was used. In addition to phishing attempts, there could also be an increase in credential stuffing attacks, in which attackers test login data obtained elsewhere, for example through leaks, to log into other accounts.
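For operators of a login portal, the credential stuffing pattern described above can be picked out of authentication logs. The following is an added example, not part of the original article or of heise's reporting; the log format, usernames, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log (not from the incident): timestamp, source IP, user, result.
SAMPLE_LOG = """\
2024-08-12T09:00:01Z 203.0.113.7 a.braun FAIL
2024-08-12T09:00:02Z 203.0.113.7 b.lange FAIL
2024-08-12T09:00:03Z 203.0.113.7 c.wolf FAIL
2024-08-12T09:00:04Z 203.0.113.7 d.haas FAIL
2024-08-12T09:00:05Z 203.0.113.7 e.koch OK
2024-08-12T09:00:06Z 203.0.113.7 f.peters FAIL
2024-08-12T09:05:10Z 198.51.100.20 g.maier FAIL
2024-08-12T09:05:25Z 198.51.100.20 g.maier FAIL
2024-08-12T09:05:41Z 198.51.100.20 g.maier FAIL
2024-08-12T09:06:02Z 198.51.100.20 g.maier OK
2024-08-12T09:10:00Z 192.0.2.55 h.schulz OK
2024-08-12T09:11:00Z 192.0.2.55 i.vogel OK
2024-08-12T09:12:00Z 192.0.2.55 j.frank OK
2024-08-12T09:13:00Z 192.0.2.55 k.jung OK
2024-08-12T09:14:00Z 192.0.2.55 l.roth OK
"""

def flag_stuffing_sources(log_text, min_users=5, max_tries_per_user=2.0,
                          max_success_ratio=0.2):
    """Return {ip: summary} for sources matching the stuffing pattern."""
    tries = defaultdict(lambda: defaultdict(int))   # ip -> user -> attempts
    hits = defaultdict(set)                         # ip -> users that logged in
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                                # skip malformed lines
        _, ip, user, result = parts
        tries[ip][user.lower()] += 1
        if result == "OK":
            hits[ip].add(user.lower())
    flagged = {}
    for ip, per_user in tries.items():
        users, total = len(per_user), sum(per_user.values())
        # Many accounts, few tries each, mostly failing: a leaked list being tested.
        if (users >= min_users and total / users <= max_tries_per_user
                and len(hits[ip]) / users <= max_success_ratio):
            flagged[ip] = {"distinct_users": users, "attempts": total,
                           "accounts_to_reset": sorted(hits[ip])}
    return flagged
```

In the sample, only the source that tries six different accounts once each is flagged; the user who mistypes a password several times and the shared office address with all-successful logins are not. Accounts listed under `accounts_to_reset` logged in successfully from a flagged source and warrant a forced password change.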

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424

[1] https://www.heise.de/en/news/After-cyber-attack-solar-provider-Qcells-informs-customers-about-data-leak-9852797.html
