The Ongoing Cyberwar Nobody Talks About
No, this is not about the overall increase in malware and ransomware attacks we’ve been witnessing in recent years. It’s about something that I believe has happened in the last couple of days and is still happening as I write this, yet absolutely nobody mentions it!
Last week, REvil ransomware affiliates were arrested in Romania and Kuwait. The European Union Agency for Criminal Justice Cooperation is happy. Some even believe that BlackMatter, created when both REvil and DarkSide dismantled themselves, is shutting down its operations due to increased pressure from law enforcement.
I see trees of green, red roses too
I see them bloom for me and you
And I think to myself
What a wonderful world.
Yeah, sure.
🤯 Meanwhile, on Nov. 8 the European electronics retail giant MediaMarkt & Saturn suffered a Hive Ransomware attack, with an unrealistic initial ransom demand of $240 million. The group’s 3,100 Windows servers were affected, and the retailer could only sell what was physically in store, with cash payments! As I’m writing this, the “technical issues” reported by Saturn and by MediaMarkt are still ongoing. (In German, read also this and this.)
I’m not buying it, but Here’s what we know about Hive, the group that may have shut down MediaMarkt systems.
What I know is what follows:
- Several US and multinational companies were hit by ransomware in the hours before MediaMarkt was struck, and other companies continued to be targeted by ransomware and DDoS attacks afterwards. Some were international companies, some others were ISPs (in the case of DDoS). Totally different kinds of attacks, but still.
- Several German companies in the automotive field were also hit by ransomware this week (say, November 8 to 11). I won’t give names, because not a single one of them admitted having issues, but I have sources saying that big or small, a good number of them were in big trouble. As if they were in the Soviet Union, there’s a total silenzio stampa about these incidents, though. You see, there are stocks to care about.
- Beyond MediaMarkt and Saturn, other online stores are likely to have been hit. On Nov. 10, Heise’s online shop had the peculiarity that no matter what article you clicked, all you were getting was a “maintenance” page. The issue has been fixed, but how many e-shops were affected without even mentioning the fact?
- This morning, the 112 and 110 (police) emergency numbers were down in Baden-Württemberg, and, as they announced they’re back on, I had reports that other parts of Germany were still experiencing 112/110 outages. Here’s an article reporting such emergency line outages in the states of Baden-Württemberg, Brandenburg, Mecklenburg-Western Pomerania, Lower Saxony, Rhineland-Palatinate, Saarland, Saxony and Schleswig-Holstein, and in large cities such as Berlin, Frankfurt am Main, Hamburg and Cologne. Officially, they blame it on Deutsche Telekom.
There is something rotten in the state of Denmark. I can surely understand the CEOs who fear the reaction of the Stock Exchange, and who therefore impose the omertà, but how about the Federal agencies such as the Bundesamt für Sicherheit in der Informationstechnik (BSI), the Bundesnachrichtendienst (BND), and the Bundesverfassungsschutz (BfV)? Aren’t they supposed to do something about that? (I couldn’t find anything relevant in BSI’s Cyber-Sicherheitswarnungen.)
In the former USSR, when “nothing happened” (Stalin didn’t die, Chernobyl didn’t explode, there was no coup attempt against Gorbachev, etc.) the state radio and television were broadcasting symphonic music and ballet. Nowadays, how are we supposed to detect when “nothing happens” in a severe way?

Small update: Hoax Email Blast Abused Poor Coding in FBI Website.
JUST IN – Hackers compromised the FBI external email system today, sending out fake emails about fake cyberattacks (Spamhaus/Bloomberg)
— Disclose.tv (@disclosetv) November 13, 2021
To date, this is still the only reference to the ransomware that I believe to have caused this hushed-up havoc: Ransomeware Attack – Encrypted Files with J18U7 Extension.
It’s strange that nobody talks about it.
One hint that German industry has been hit by a huge ransomware attack that they simply covered up, as in Soviet times: the job offers on Stepstone, such as:
• ITK Engineering GmbH: Cyber Security Penetration Tester (w/m/div.), 1 week ago
• genua GmbH: Penetration Tester (d/m/w), 4 days ago
• 1&1: IT-Security Pentester (w/m/d), 3 days ago
• Sopra Steria: IT Information Security Specialist (m/w/d), 3 days ago
• Daimler TSS GmbH: Penetration Testerin (m/w/d) CarIT / Offensive Cyber Security, 6 days ago
• Daimler TSS GmbH: Penetration Testerin | IT-Security Expertin (m/w/d) | Offensive Cyber Security | Applications and Infrastructure, 1 week ago
• Daimler TSS GmbH: PENETRATION TESTER (M/W/D) APPLICATIONS | OFFENSIVE CYBER SECURITY, 1 week ago
• Daimler TSS GmbH: (Senior) Offensive Security Engineer / Redteam Engineer / PenTester (m/w/d), 2 days ago
• Daimler TSS GmbH: Cyber Security – SOC Analyst (m/w/d), 1 week ago
• Mercedes-AMG GmbH: AMG Cyber Security Professional (m/w/d), 1 week ago
• PwC: Penetration Tester / Incident Response Professional (w/m/d), 1 week ago
• umlaut: Penetration Tester (m/w/d) im Bereich Cyber Security, 1 week ago
• magellan netzwerke GmbH: Security / SOC Analyst (m/w/d), 2 days ago
• Wüstenrot & Württembergische AG: Spezialist Informationssicherheit (m/w/d), 1 week ago
• ESCRYPT GmbH (subsidiary of ETAS GmbH, which belongs to the Bosch Group): Security Associate (Engineer/Consultant/Pentester) (m/w/d), 1 week ago
• Ernst & Young GmbH: Malware Analyst:in Cybercrime Investigations & Incident Response (w/m/d), 1 week ago
• imbus AG: Security / Penetration Tester (m/w/d), 1 week ago
• Materna Information & Communications SE: IT Security Specialist SOC (m/w/d), 2 weeks ago
• TÜV Rheinland Group: Junior Penetrationstester/Ethical Hacker (w/m/divers), today
• Continental AG: (Senior) Researcher Product Cybersecurity and Privacy (m/w/divers), today
• Ratbacher GmbH: Spezialist Informationssicherheit (m/w/d) – Mitarbeiter IT Sicherheit, today
• BMW Group: Automotive Security Penetration Tester (f/m/x), 5 days ago
• Swiss Life Deutschland Holding GmbH: Cyber Threat Analyst (m/w/d), 3 days ago
• ARAG IT GmbH: Senior IT-Security Analyst (m/w/d), today
• Siegwerk Druckfarben AG & Co. KGaA: Information Security Expert (m/f/d), today
• KPMG AG: (Junior) Consultant / Berater (w/m/d) IT-Sicherheit / IT Security, today
Not only industry, but the auditing business too seems particularly interested: PwC, Ernst & Young GmbH and KPMG AG are on the list! And to quote from the last one’s announcement:
Wow, Incident Response after a cyberattack! Why are they all of a sudden focused on such a thing if there wasn’t, officially, a mass cyberattack in Germany?