Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.
BleepingComputer first learned of the attack in early January, but when we contacted Hyundai, we were told they were just experiencing IT issues.
After sharing additional information we had learned about data being stolen, Hyundai confirmed to BleepingComputer that they suffered a cyberattack.
The company did not specify what type of attack they suffered, but BleepingComputer learned the Black Basta ransomware operation conducted it in early January when they claimed to have stolen 3 TB of data from Hyundai Motor Europe.
In an image seen by BleepingComputer, the threat actors shared lists of folders that were allegedly stolen from numerous Windows domains, including those from KIA Europe.
While it is not known what data was stolen, the folder names indicate its related to various departments at the company, including legal, sales, human resources, accounting, IT, and management.
Hyundai previously disclosed a data breach in April 2023 that impacted Italian and French car owners and those who booked a test drive.
More recently, Hyundai MEA's X account was hacked to promote sites with crypto wallet drainers.
The Black Basta ransomware gang launched its operation in April 2022 and quickly launched a stream of double-extortion attacks.
By June 2022, Black Basta had partnered with the QBot malware operation to drop Cobalt Strike for remote access on corporate networks.
Black Basta would use this access to spread to other devices on the network, steal data, and ultimately encrypt devices.
Black Basta is believed to be an offshoot of the notorious Conti ransomware operation, run by one of the previous Conti leaders.
Since its launch, the threat actors have been responsible for a wide range of attacks, including those against the Toronto Library, Capita, American Dental Association, Sobeys, Knauf, and Yellow Pages Canada.
A report from Corvus Insurance and Elliptic in November 2023 says that Black Basta is believed to have received over $100 million in ransom payments since its launch.
Water services giant Veolia North America hit by ransomware attack.
MGM Resorts ransomware attack led to $100 million loss, data theft.
Ransomware victims targeted by fake hack-back offers.
Hospitals ask courts to force cloud storage firm to return stolen data.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 08 Feb 2024 20:20:21 +0000