Alcoa Corporation Faces Cybersecurity Crisis with Ransomware Attack

Incident Date:

April 8, 2024

World map



Alcoa Corporation Faces Cybersecurity Crisis with Ransomware Attack


Alcoa Corporation




Pittsburgh, USA

Pennsylvania, USA

First Reported

April 8, 2024

Ransomware Attack on Alcoa Corporation

Victim Profile

Alcoa Corporation, a vertically integrated aluminum company, has been targeted in a ransomware attack by the 8Base group. The company operates in the Minerals & Mining sector with operations in bauxite mining, alumina refining, and aluminum smelting and casting. Alcoa Corporation has direct and indirect ownership of 27 locations across nine countries on six continents, with a headquarters in Pittsburgh, Pennsylvania.

Company Size and Industry Standing

A significant player in the industry, with 107 manufacturing facilities on four continents and over 14,400 employees. The company reported over $6 billion in sales in 2023. Market capitalization as of April 25, 2024, is $6.57 billion.

Past Attacks

In 2008, unidentified individuals stole thousands of email messages and attachments from the company's computers. This was part of a broader cyberattack by Chinese military hackers that targeted the company, along with Allegheny Technologies and U.S. Steel Corp. between 2006 and 2014. The hackers were accused of illegally breaching the companies' computers to steal trade secrets and other data.

April 2024 Attack

The recent ransomware attack on the corporation by the cybercriminal group 8base underscores the severe showcases and dangers associated with such attacks. Despite the unclear circumstances surrounding the publication of the compromised information on the web, it is readily accessible with a simple online search. This incident serves as a reminder of the potential devastating impact ransomware attacks can have on targeted companies.

Vulnerabilities and Targeting

Due to its extensive operations and global reach, the corporation presents an attractive target for threat actors like the 8Base ransomware group. The company's network of locations and business segments may provide multiple entry points for cyber attacks. Additionally, the sensitive nature of the data involved in mining and refining processes could make the corporation more susceptible to ransomware attacks involving data theft and extortion.

The size and scale of the corporation's operations may pose challenges in terms of securing its infrastructure, potentially leaving gaps that threat actors can exploit. The ransomware attack by 8Base underscores the importance of robust cybersecurity measures for companies operating in critical sectors like mining and manufacturing.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.