Dive Brief:
- PSI Software, a Germany-based critical infrastructure software and logistics platforms vendor, is running at diminished capacity following a ransomware attack the company initially detected Thursday.
- The attack impacted PSI’s internal IT infrastructure and the company responded by shutting down all external connections and systems, PSI said in an update Monday. The remainder of the company’s website is offline.
- “We are currently analyzing the exact vector of the attack,” PSI said in a statement. “There are at present no indications that PSI systems at customer sites have been compromised. According to current knowledge, there was no access to remote connections for the maintenance of customer systems.”
Dive Insight:
The attack against PSI comes during a period of heightened malicious activity against critical infrastructure and worry about threat actors gaining footholds in critical infrastructure IT environments.
PSI Software provides control systems for energy control, operational management, network utilization, pipeline management and leak detection. PSI operates a subsidiary in the U.S. and purchases products from large U.S.-based enterprise vendors including IBM, Microsoft, Oracle and SAP.
The company shut down its email system after it discovered unusual activity on its network on Feb. 15. Email correspondence remains offline and PSI said it contacted German authorities and outside experts based on their recommendations.
Federal cyber officials issued multiple warnings this month about China state-linked actors prepositioning for potential future disruptions. State-sponsored threat actors embedded themselves inside critical infrastructure systems spanning transportation, energy, communications and water, with some intrusions dating back to 2019.
Correction: This story has been updated to reflect that the attack on PSI Software was incorrectly attributed to Hunters International, a ransomware group that claimed credit for an attack on a different company, PSI. Details of what Hunters allegedly stole from the unrelated company have also been removed.