Nordex Hit by Cyberattack, Shuts Down IT Systems Across Global Operations German wind turbine manufacturer Nordex has taken its IT systems offline following a cyberattack detected on 31 March. The company swiftly assembled an incident response team comprising internal and external security experts to contain the breach, prevent further spread, and assess potential exposure. In a 2 April statement, Nordex confirmed the attack was identified early, prompting a precautionary shutdown of systems across multiple locations and business units. The disruption may impact customers, employees, and other stakeholders, though no additional details have been disclosed. The incident follows a pattern of cyber threats targeting the renewable energy sector. In November 2021, Danish turbine manufacturer Vestas suffered a ransomware attack by the Lockbit group, which later leaked stolen data on the dark web. Unlike politically motivated attacks, Lockbit has maintained an apolitical stance, stating its sole focus is financial gain. Meanwhile, Enercon experienced collateral damage in February 2022 when a cyberattack on European satellite systems linked to Russia’s invasion of Ukraine disabled remote monitoring for nearly 6,000 turbines (11GW capacity). Unlike Enercon’s case, it remains unclear whether Nordex’s breach was opportunistic or a targeted ransomware attack. The wind power industry has increasingly become a target for cyber threats, with the International Energy Agency (IEA) identifying such attacks as a major risk to renewable energy infrastructure. Insurers like GCube have also warned of rising cyber vulnerabilities, particularly during periods of operational disruption. As investigations into the Nordex incident continue, the broader sector faces growing pressure to bolster defenses against evolving cyber risks.

Vestas, the world’s largest supplier of wind turbines suffered from a data breach incident in November 2021. Customers, employees, and other stakeholders may be affected by this incident, also internal IT infrastructure and data have been exposed. However, there is no evidence that the incident has had an effect on third-party operations, such as customer and supply chain operations. Teams from Vestas' manufacturing, construction, and service departments have been able to carry on with their work. They took preventative steps and sent notifications to the individuals.