Black Basta ransomware attack strikes Hyundai Motor Europe

Hyundai Motor Europe, a car manufacturer, fell victim to a Black Basta ransomware attack. The threat actors allege to have pilfered three terabytes of corporate data.

Feb 8, 2024 - 13:00
  Source
 0  25
Black Basta ransomware attack strikes Hyundai Motor Europe

Hyundai Motor Europe has confirmed being hit by a ransomware attack orchestrated by the Black Basta group, leading to the exfiltration of three terabytes of company data. The European division of Hyundai Motor Company, based in Germany, initially described the incident in early January as IT difficulties. At that time, Hyundai's statement to BleepingComputer highlighted their commitment to resolving the IT issues promptly and emphasized the importance of trust and security in protecting stakeholders.

However, upon receiving further details about the theft of data, Hyundai acknowledged the cybersecurity breach. "Hyundai Motor Europe is conducting an investigation into an incident where an unauthorized entity accessed a portion of our network," Hyundai Motor Europe disclosed to BleepingComputer, adding that the inquiry was supported by external cybersecurity and legal professionals and that relevant authorities had been informed.

Although Hyundai did not elaborate on the specifics of the attack, BleepingComputer's findings point to the involvement of the Black Basta ransomware group in early January, with claims of pilfering 3 TB of data from Hyundai Motor Europe. Screenshots provided to BleepingComputer showed directories purportedly taken from various Windows domains, including those belonging to KIA Europe, suggesting that the stolen data spanned multiple corporate divisions such as legal, sales, HR, accounting, IT, and management.

This incident follows a previous data breach disclosed by Hyundai in April 2023, affecting car owners in Italy and France, as well as individuals who had scheduled test drives. More recently, Hyundai MEA's social media account was compromised to promote fraudulent cryptocurrency sites.

Black Basta, suspected of being linked to the infamous Conti ransomware syndicate, emerged in April 2022 and has since engaged in numerous high-profile ransomware campaigns, leveraging partnerships with malware groups for network infiltration and data theft. Reports from November 2023 by Corvus Insurance and Elliptic estimate that Black Basta has amassed over $100 million in ransom payments since its inception.