[ad_1]
Car manufacturer Hyundai Motor Europe suffered a Black Basta ransomware attack, with attackers claiming to have stolen 3 terabytes of company data.
Hyundai Motor Europe is the European division of Hyundai Motor Company, headquartered in Germany.
BleepingComputer first learned about the attack in early January, but when we contacted Hyundai we were told it was simply an IT issue.
“Hyundai Motor Europe is experiencing an IT issue that the company is working to resolve as quickly as possible,” Hyundai told BleepingComputer at the time.
“Trust and security are the cornerstones of Hyundai’s business, and our priority is to protect our customers, employees, investors and partners.”
However, after sharing additional information that data had been stolen, Hyundai confirmed to BleepingComputer that it had suffered a cyberattack.
“Hyundai Motor Europe is investigating an incident in which an unauthorized third party gained access to a limited portion of Hyundai Motor Europe’s network,” Hyundai Motor Europe told BleepingComputer.
“Our investigation is ongoing and we are working closely with external cybersecurity and legal experts. Relevant local authorities have also been informed. Trust and security are fundamental to our business. , our priority is to protect our customers, employees, investors, and customers.”Partners. ”
Although the company has not disclosed what type of attack it suffered, BleepingComputer has confirmed that the Black Basta ransomware operation was carried out in early January claiming to have stolen 3TB of data from Hyundai Motor Europe. I learned.
In images seen by BleepingComputer, the attackers shared a list of folders allegedly stolen from a number of Windows domains, including one from KIA Europe.
It is unclear what data was stolen, but the folder names indicate that it is related to various departments within the company, including legal, sales, human resources, accounting, IT, and administration.
Hyundai previously disclosed a data breach that affected car owners and test drive bookers in Italy and France in April 2023.
Recently, Hyundai MEA’s X account was hacked to promote a site that drains cryptocurrency wallets.
Who is Black Busta?
The Black Basta ransomware gang became active in April 2022 and immediately launched a series of dual extortion attacks.
By June 2022, Black Basta partnered with QBot Malware Operation (QakBot) to decommission Cobalt Strike for remote access on corporate networks. Black Basta uses this access to spread to other devices on the network, steal data, and ultimately encrypt the devices.
Black Basta is believed to be an offshoot of the infamous Conti ransomware operation run by one of the previous Conti leaders.
The attackers have carried out a wide range of attacks since their inception, including attacks against the Toronto Library, Capita, American Dental Association, Sobeys, Knauf, and Yellow Pages Canada.
According to a report published by Corvus Insurance and Elliptic in November 2023, Black Basta is believed to have received more than $100 million in ransoms since its launch.
[ad_2]
Source link
