Automotive components supplier Denso confirms cyber attack
Statement from components giant came after Pandora ransomware group began publishing stolen data
Japan-based Denso, one of the world's largest suppliers of automotive components, has confirmed a cyber attack impacting its group company in Germany network.
In a statement published on its website, the firm said that a third party illegally accessed the computer systems of its facilities in Germany on 10th March 2022.
After detecting the illegal access, Denso immediately terminated connectivity on the network that had received unauthorised access.
It also confirmed that there was no impact on other Denso facilities.
The breach is currently under investigation, the firm said, adding that production at its manufacturing plants was not disrupted as a result of the incident.
Denso has informed local authorities of the cyberattack and is working with them as well as specialist cyber security experts to deal with the situation.
Denso is global supplier of automotive parts and components, particularly for self-driving cars, connectivity and mobility services.
The company says its products and technologies are used in almost all automotive companies around the globe.
Denso is headquartered in Japan, although it has over 200 subsidiaries and about 168,400 workers worldwide. Its clients include Honda, Toyota, Ford and General Motors.
The company's consolidated revenue for the fiscal year 2020-2021 was $44.6 billion.
While Denso claims that the hack had no effect on their operations, Mitsui Bussan Secure Directions, a Japanese cyber security company, told Japanese news website NHK that a new ransomware gang called Pandora has started publishing 1.4 TB of data reportedly taken during the breach.
Pandora posted a message on the dark web on Sunday, claiming to have stolen more than 157,000 items totalling 1.4 TB of data from the Toyota Motor Group, according to Mitsui Bussan.
Toyota's purchase orders, emails and part drawings are among the data stolen, and Pandora is now threatening Denso with the disclosure of its trade secrets, according to reports.
Pandora ransomware is a new cybercrime group that began operating in March 2022 and is currently targeting business networks in order to steal data for double-extortion attacks.
Because of code similarities and packers used by the operation, security researcher 'pancak3' thinks that Pandora is a rebranding of Rook ransomware.
It is currently not known if Pandora operators were able to effectively encrypt data on Denso network before the attack was detected.
The hack against Denso is the latest in series of cyber attacks targeting carmakers or notable auto parts manufacturers.
Last month, Toyota was forced to halt operations at all of its factories after one of its suppliers, Kojima Industries, was targeted in a cyberattack.
A spokesperson for Kojima said that a virus was found on its servers. "A threatening message was also found, raising the possibility that it was attacked by ransomware," the spokesperson added.
Tyre firm Bridgestone also confirmed last week that it had been the victim of a ransomware attack in late February, for which the LockBit group had accepted responsibility.
The company said that parts of its South and North American businesses had been impacted as a consequence of the attack.