Hackers Breach DENSO’s German Networks

DENSO supplies automotive components to big-name car brands like Toyota, Ford, Honda, Fiat, Volvo, General Motors, and Mercedes-Benz. While it operates out of Japan, the company has a global presence with over 200 subsidiaries and more than 168,000 employees. In a statement, DENSO said it detected intruders in its German networks on March 10. Consequently, it immediately cut off access to the rest of its network, thereby protecting its operations. The company says the incident has not affected any of its production activities. “DENSO has already reported this incident to the local investigative authorities. The company is working with them and specialized cyber security agencies to deal with this situation,” DENSO added.

1.4 TB of DENSO Data Allegedly Leaked

This is the third major cyberattack against car manufacturers in 2022 after Bridgestone and Toyota. Last month, the latter had to temporarily shut down its manufacturing plants in Japan because of a cyber incident affecting one of its suppliers. In this instance, it appears the hackers have leaked information such as purchase orders, technical schematics, and non-disclosure agreements onto the dark web. The leaked data file was listed on March 13 and contains 1.4 TB of information. However, security researchers previously found credentials belonging to DENSO on dark web listings. Therefore, it is unclear if this latest listing actually contains data from the most recent DENSO hack. At this time, it is also unclear if the hackers were able to successfully encrypt files on DENSO’s network before detection.

Details on Pandora Ransomware

Pandora is a brand new ransomware operation, albeit one that follows many of the standard procedures associated with ransomware attacks today. The operation was first noticed this month, and it specifically targets corporate networks. When encrypting a device, the ransomware appends the .pandora extension to the names of encrypted files. It also leaves the victim a ransom note that explains what happened and gives an email address for further communication. Since this operation is so new, it is currently unclear how it gains access to networks. Some security researchers believe that Pandora is a rebrand of Rook ransomware. The world of ransomware can be both scary and fascinating. In many cases, ransomware authors do not infect systems themselves. Instead, they’ve taken a page from organized crime playbooks — selling their malicious software along with operating instructions to other cybercriminals and taking a percentage of any future ransoms. You can read more about these organized syndicates in our article on Ransomware-as-a-Service (RaaS).
