Automotive component supplier Denso on Monday confirmed that its group company in Germany's network suffered a cyber-attack after the Pandora ransomware gang began leaking sensitive details allegedly stolen during the assault.
Denso, one of the world's largest automotive components manufacturers firms is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. The company's clients include Toyota, Honda, General Motors, and Ford.
On March 10, the company detected unauthorized access using ransomware at DENSO Automotive Deutschland GmbH, a group firm responsible for managing sales and engineering in Germany, Denso spokesperson told Reuters. After the breach was detected, DENSO cut down the exposed system from the network and ensured that no other systems inside the facility were impacted.
While the incident is under investigation, Denso says that there is "no impact" on other facilities and no disruption has been caused to production plants or manufacturing schedules. The company has not shared any details regarding the attackers, a cybercrime group named Pandora has taken credit for the attack, claiming to have stolen 1.4 Tb of data.
“After detecting the unauthorized entry, Denso promptly lower off the community connection of units that obtained unauthorized entry and confirmed that there isn’t an impression on different Denso,” the company mentioned in a press release. "Denso would like to express its sincerest apologies for any concern or inconvenience resulting from this incident. Denso Group will once again strengthen security measures and work to prevent a recurrence."
In an effort to support their claims, the attackers released samples of the stolen datasets, as well as several images of documents. Based on the samples published by threat actors, tens of thousands of documents, spreadsheets, presentations, and images have been exposed, including many that reference customers and employees.
It remains unclear how malicious actors secured access to the company’s network, but after Pandora took responsibility for the attack, one researcher claimed he alerted the company a couple of months ago that attackers had been selling access to its network.
The Pandora ransomware seems to be new, but security expert pancak3 believes that it is a rebranding of the Rook ransomware due to code similarities and packers used by the operation. A sample of the Pandora ransomware was spotted on VirusTotal by Intezer as Rook, suggesting code similarities.