Sponsored By

Johnson Controls International Disrupted by Major Cyberattack

The company filed with the SEC and is assessing its operations and financial damages.

Dark Reading Staff

September 28, 2023

1 Min Read
Two people at the front counter of a Johnson Controls establishment
Source: Imaginechina Limited via Alamy Stock Photo

Johnson Controls International (JCI) this week reported in a filing with the US Securities and Exchange Commission (SEC) that it had suffered a cyberattack that caused disruptions to its internal IT infrastructure.

In addition, two of the company's subsidiaries, Simplex and York, are reportedly displaying messages of a "technical outage" on customer portals and login pages.

Gameel Ali, a researcher at Nextron Systems, shared a tweet including a ransom note from cybergang Dark Angels in its VMware ESXi encryptor, stating: "HELLO dear Management of Johnson Controls International! If you are reading this message, it means that: your network infrastructure has been compromised, critical data was leaked, files are encrypted, backups are deleted." The note went on to say, "The best and only thing you can do is to contact us to settle the matter before any losses occurs."

The gang has allegedly stolen over 27TB of data and encrypted the company's VMware ESXi machines in a ransomware attack.

"Johnson Controls is one of the leaders in digital technologies and services for buildings in key industries such as healthcare, airports, hotels and stadiums," Lior Yaari, CEO and co-founder of Grip Security, said in an emailed statement. "If the breach expands beyond the company itself to the systems deployed by their customers, this attack could wreak havoc on huge swaths of businesses."

Johnson Controls said in the SEC filing that its applications remain operation and unaffected but that it continues to review the financial impact on its fiscal year results. The company has also established an incident management and protection plan to mitigate fallout from the attack.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights