The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, one of the world's largest automotive parts suppliers. Yanfeng is a Chinese automotive parts developer and manufacturer focused on interior components and employs over 57,000 people in 240 locations worldwide. The company constitutes a crucial part of the supply chain for these automakers. Earlier this month, it was reported that Yanfeng was impacted by a cyberattack that directly affected Stellantis, forcing the car company to stop production at its North American plants. The Chinese company remained unresponsive to inquiries for comments regarding the situation. Stellantis told BleepingComputer they suffered a disruption due to an "Issue" at an external supplier. "Due to an issue with an external supplier, production at some of Stellantis' North America assembly plants was disrupted the week of November 13," Stellantis shared in a statement. "Full production at all impacted plants had resumed by November 16.". The Qilin ransomware group, also known as "Agenda," claimed the attack on Yanfeng by adding them to their Tor data leak extortion site yesterday. The threat actors published multiple samples to prove their alleged access to Yanfeng systems and files, including financial documents, non-disclosure agreements, quotation files, technical data sheets, and internal reports. Qilin has threatened to release all data in their possession in the coming days, but no specific deadline was set. The Qilin ransomware gang launched its RaaS platform at the end of August 2022 under the name 'Agenda. In 2023, the threat actors rebranded their ransomware under the name 'Qilin,' which they operate under today. The threat actors target companies in all sectors, and many attacks feature customization in the process termination and file extension changes to maximize impact. Group-IB managed to infiltrate Qilin's operations and published a report in May 2023 to share the intelligence it collected, including details about the gang's recruiting, admin panel features, and target exclusions. Ransomware attack on indie game maker wiped all player accounts. Toronto Public Library confirms data stolen in ransomware attack. MGM casino's ESXi servers allegedly encrypted in ransomware attack. BlackCat ransomware claims breach of healthcare giant Henry Schein. Toronto Public Library outages caused by Black Basta ransomware attack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000