[German]Vehicle manufacturer Hyundai and its European branch Hyundai Motor Europe have fallen victim to a ransomware attack by the Black Basta group. This has become known because the ransomware gang has disclosed data from this cyber attack – the vehicle manufacturer Hyundai had only reported a "technical problem" in response to inquiries from Bleeping Computer.
Hyundai Motor Europe
Hyundai Motor Europe GmbH is the European division of the South Korean car manufacturer Hyundai Motor Company, headquartered in Offenbach am Main, Germany. The European headquarters have been located in Offenbar since 2000 and Hyundai also maintains a research center in Frankfurt.
Suspicion of a cyber incident in January 2024
Our colleagues at Bleeping Computer uncovered the case in this post, thanks to 1ST1 for the tip. It's the old game: In January 2024, Bleeping Computer had been tipped off that there had probably been a cyberattack on the carmaker. However, the carmaker responded to an inquiry from Lawrence Abrams (see) that there were only "IT issues" and the issue was "shelved". Bleeping Computer quotes from the company's response: ""Hyundai Motor Europe is experiencing IT issues, which the company is working to resolve as quickly as possible. Trust and security are fundamental to Hyundai's business and our priority is the protection of our customers, employees, investors, and partners."
Black Basta ransomware strikes
At the end of the day, cyber incidents usually becomes public. Now Bleeping Computer revealed here that Hyundai Motor Europe GmbH has fallen victim to Black Basta ransomware. Hyundai Motor Europe GmbH has now confirmed to Bleeping Computer that it is investigating a cyber incident:
Hyundai Motor Europe is investigating in a case in which an unauthorized third party has accessed a limited part of the network of Hyundai Motor Europe. Our investigations are ongoing, and we are working closely with external cybersecurity and legal experts. Relevant local authorities have also been notified. Trust and security are fundamental to our business, and our priority is the protection of our customers, employees, investors, and partners.
The company has therefore identified access to its data by an unauthorized third party and is investigating the case and has also called in external cyber security specialists and lawyers. The relevant authorities have also been informed. This is garnished with the conclusion "Trust and security are fundamental to our business and our priority is to protect our customers, employees, investors and partners."
No word on what really happened, but Bleeping Computer seems to have learned that the Black Basta ransomware claims to have carried out an operation in early January 2023 that stole 3 terabytes of data from Hyundai Motor Europe. Bleeping Computer claims to have seen screenshots shared by the ransomware group.
The screenshots showed lists of folders that were allegedly stolen from numerous Windows domains, including those of KIA Europe. It is unknown which data was stolen, writes Bleeping Computer. But the folder names suggest that the files relate to various departments of the company, including legal, sales, human resources, accounting, IT and management.
I hadn't brought it up, but in January 2024 there were reports of hacks of various X accounts, and Hyundai was among them (see). Black Basta has only been active since April 2022, but has carried out a number of successful attacks. It is said that the perpetrators joined forces with the QBot malware group (QakBot) in June 2022. Since then, they have been using Cobalt Strike for remote access to corporate networks.
The assumption is that Black Basta is one of the members of the Conti ransomware gang. The business model consists of penetrating company networks, extracting data and encrypting files. The victims are then blackmailed into disclosing their data, among other things. However, it appears that the blackmail did not work at Hyundai, so the Black Basta incident, including data samples, was made public.
Cookies helps to fund this blog: Cookie settings