After a new Pandora ransomware campaign began exposing data purportedly obtained during the attack on March 10th, automotive components giant DENSO revealed it had been the victim of a cyberattack. DENSO is one of the world’s major automotive component makers, delivering a wide range of electrical, electronic, powertrain control, and other specialist parts to companies including Toyota, Mercedes-Benz, Ford, Honda, Volvo, Fiat, and General Motors.
The company is based in Japan, although it has over 200 subsidiaries and 168,391 employees worldwide, with a revenue of $44.6 billion in 2021. DENSO reported that their business network in Germany was compromised on March 10th, 2022. According to the company, it identified the unauthorized access and acted quickly to shut the intruder off from the rest of the network equipment, limiting the harm to the German division only.
This security breach is not likely to impair the supply chain because all industrial units and facilities are operating regularly. A DENSO supply chain interruption would have a domino effect on automobile manufacturing at several locations globally, wreaking havoc on an industry already struggling due to chip shortages and closure of Ukraine-based operations. While DENSO claims that the intrusion did not affect their operations, the new Pandora ransomware gang has started releasing 1.4TB of files that were supposedly taken during the network breach.
Purchase orders, technical drawings, non-disclosure agreements, and other documents were among the data leaked. The company said that at this time, they are unable to confirm if the disclosed files were taken in the latest incident. Because DENSO has alerted local investigating authorities about the breach, copying, distributing, or publishing the disseminated files would be a violation of the company’s intellectual property rights.
While Pandora is a ransomware group with its own encryptor, it’s unclear whether they could encrypt data on DENSO’s network before the attack was discovered. A few months ago, a security researcher claimed to have found a network access listing on a dark web market and alerted DENSO to the compromised credentials. Despite the possibility of purchasing an early access offering, the corporation has not stated how they were compromised at this time.
The DENSO cyberattack is the third in 2022 on a major automotive or auto parts manufacturer. The world’s largest automaker Toyota had to shut down 14 of its Japanese plants in February owing to a catastrophic IT breakdown at one of its leading suppliers. Bridgestone revealed this week that the LockBit gang was responsible for a late February ransomware attack and that parts of its South and North American businesses were affected as a result.