Japanese car parts giant Denso on Monday said hackers recently accessed its network in Germany, and the incident appears to have involved a piece of ransomware.
Denso, one of the world’s largest technology and component providers for the automotive industry, said its network was illegally accessed on March 10.
The Fortune Global 500 company shut down the network connections of compromised devices after detecting the breach. The incident has not led to disruption of production activities, with plants operating normally, Denso said.
While the company has not shared any information about the attackers, a cybercrime group named Pandora has taken credit for the attack, claiming to have stolen 1.4 Tb of data.
In an effort to demonstrate their claims, the hackers have made available a list of files allegedly stolen from Denso, as well as several images of documents. Based on the list of files provided by the hackers, tens of thousands of documents, spreadsheets, presentations and images have been compromised, including many that reference customers and employees.
It’s unclear how the hackers gained access to Denso’s network, but after Pandora announced the attack, one researcher said he warned the company a couple of months ago that threat actors had been selling access to its network.
The Pandora ransomware appears to be new, but several experts say it’s a rebranding of the Rook ransomware. And while Denso said it was breached on March 10, the company was also listed on Rook’s leak website back in late December 2021. The hackers at the time claimed to have stolen 1.1 Tb of files.
In addition to using malware to encrypt files on compromised systems, the cybercriminals steal files from victims in an effort to increase their chances of getting paid. The group’s data leak website currently lists five victims, all announced in the past month.
Attacks on suppliers can have serious implications for the automotive industry. The news of a breach at Denso comes two weeks after Toyota halted operations at its plants in Japan after a major supplier was hit by a cyberattack. Denso is also a supplier for Toyota, but the incidents do not appear to be related.
“With the Pandora hacking group claiming 1.4TB of data has been stolen, it’s imperative that manufacturers secure their data, not just their networks,” said Shane Curran, CEO at Irish encryption firm Evervault. “Manufacturers must understand how strong their encryption is and whether they’re inadvertently storing information in a way that makes it easy for cybercriminals to access sensitive information, not just about themselves but their partners and customers.”