March 18, 2022–According to a story by Security Week, Japanese car parts company Denso says hackers accessed its network in Germany involving a piece of ransomware.
The company, one of the world’s largest technology and component providers for the automotive industry, says in the story it shut down the network connections of compromised devices after detecting the breach. To date, the company says the incident has not led to disruption of production activities, with plants operating normally. A cybercrime group named Pandora has taken credit for the attack, claiming to have stolen 1.4 Tb of data.
In an effort to demonstrate their claims, the hackers have made available a list of files allegedly stolen from Denso, as well as several images of documents. Based on the list of files provided by the hackers, tens of thousands of documents, spreadsheets, presentations and images have been compromised, including many that reference customers and employees.
Experts say the Pandora ransomware appears to be new, but several believe it’s a rebranding of the Rook ransomware. And while Denso said it was breached on March 10, the company was also listed on Rook’s leak website in December 2021. The hackers at the time claimed to have stolen 1.1 Tb of files.
Attacks on suppliers can have serious implications for the automotive industry. The news of a breach at Denso comes two weeks after Toyota halted operations at its plants in Japan after a major supplier was hit by a cyberattack.
“With the Pandora hacking group claiming 1.4TB of data has been stolen, it's imperative that manufacturers secure their data, not just their networks,” Shane Curran, CEO at Irish encryption firm Evervault says in the article. “Manufacturers must understand how strong their encryption is and whether they’re inadvertently storing information in a way that makes it easy for cybercriminals to access sensitive information, not just about themselves but their partners and customers.”
