Oettinger confirms cyber incident, begins investigating

German beer and drinks giant Oettinger Getränke (Oettinger Brauerei or Oettinger) has confirmed that it suffered a cyber attack following claims made by threat actors.

On 5 May, the RansomHouse ransomware gang listed the drinks manufacturer on its dark web leak site, claiming to have exfiltrated and encrypted business data.

“Dear management of OeTTINGER Brauerei and Pia Kollmar. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us,” the listing said.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

Pia Kollmar is the company’s majority shareholder and managing director and is ranked among the top 100 most influential businesswomen in Germany.

Now, in a statement shared with Cyber Daily, Oettinger has confirmed that it suffered a cyber attack.

“We are currently investigating the cyber attack on OeTTINGER GETRÄNKE in conjunction with IT forensic experts, the data protection authority and cyber crime specialists,” said Oettinger.

“We are also conducting an investigation into the potential for data leaks. For forensic reasons, we are unable to provide any further details at this moment.

VIEW ALL

“Production and logistics have not been affected by the cyber attack.“

While Oettinger has not shared the nature of the incident or named the threat actor, a sample within RansomHouse’s listing appears to contain data relating to logistics, fleet and fleet management, maintenance, warehouse management, exchange, shipping, quality assurance, project technology, production and more.

RansomHouse is a ransomware-as-a-service (RaaS) operation that first appeared in 2021. The group claims to differentiate itself from other RaaS operations by not performing double extortion by only exfiltrating data, not encrypting it. However, as previously stated, this was not the case with Oettinger.

The group typically operates by targeting victims using phishing and spear phishing emails, but it has also been observed using other third-party software to gain access to victim networks, according to SentinelOne.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Oettinger confirms cyber incident, begins investigating

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED