The automotive parts giant named DENSO is the latest corporation to fall victim to a hacking attack. The company has offices all over the world and supplies parts to brands including General Motors, Fiat, Volvo, Toyota, and others.
Collectively the company and its subsidiaries employ more than 160,000 people and boasts revenues of more than $44 billion USD (in 2021).
The company had this to say about the incident:
“DENSO has confirmed that its group company in Germany network was illegally accessed by a third party on March 10, 2022.
After the detecting the unauthorized access, DENSO promptly cut off the network connection of devices that received unauthorized access and confirmed that there is no impact on other DENSO facilities.”
Given DENSO’s size, it is fortunate that the attack didn’t shut down any of the company’s production facilities. We’re only just getting the supply chain issues caused by the pandemic sorted out and this could have thrown much of the automotive industry into a tailspin.
The Pandora Ransomware gang is new and the operation apparently launched in March 2022. Their stated goal is to target large corporate networks, and steal data before encrypting their files to profit in two ways.
Although the gang itself is new, some security researchers believe that the malware itself is not new but simply rebranded as it bears striking similarities to another ransomware strain called Rook.
Rebranding is not at all uncommon in the hacking world. Many groups periodically do that in a bid to continue to evade law enforcement. At this point, the jury is still out. We don’t have definitive proof either way that Pandora is a new gang or a rebranded older one.
Whatever the case, they’ve seen fantastic initial success having apparently made off with more than 1.4 TB of data. That data includes purchase orders, technical schematics, NDAs, and the like. It is just a matter of time before the group strikes again.