Japanese automotive components manufacturer Denso has disclosed a cybersecurity incident in which a malicious actor breached a computer network of its German branch. In response to the attack, the company shut down the network connection of affected devices.
Denso is one of the world's largest automotive suppliers of technology and components found in almost all vehicles around the globe, including those made by Toyota, Honda, FCA, General Motors, Ford, Volvo and Mercedes-Benz.
“DENSO has confirmed that its group company in Germany network was illegally accessed by a third party on March 10, 2022. After detecting the unauthorized access, DENSO promptly cut off the network connection of devices that received unauthorized access and confirmed that there is no impact on other DENSO facilities. Details are under investigation, there is no interruption to production activities. The company keeps operating its all plants as usual,” the company said in a statement on its website posted on March 14.
Denso said it has reported the incident to the relevant authorities, but the company hasn’t shared any details on the nature of the attack. It appears, however, that the hack was the work of a new ransomware gang called Pandora. Earlier in the week, the group began leaking 1.4TB of data allegedly stolen from Denso.
The Pandora ransomware operation first appeared in March 2022. Like other ransomware gangs, it targets corporate networks and steals data for double-extortion attacks. According to a security researcher known as “pancak3,” Pandora may be a rebrand of the Rook ransomware due to code similarities and packers used by the group. Rook is believed to be built on the source code of the Babuk ransomware, which was leaked on a hacker forum in September 2021.