February 8, 2024 at 03:21PM
Hyundai Motor Europe experienced a Black Basta ransomware attack, potentially compromising three terabytes of data. Initially reported as IT issues, Hyundai later confirmed the cyberattack, involving unauthorized network access. The attack affected various company departments, and it is linked to Black Basta, known for double-extortion attacks and ties to the Conti ransomware operation.
From the meeting notes, the following key takeaways can be generated:
1. Hyundai Motor Europe suffered a ransomware attack by the Black Basta ransomware gang, who claimed to have stolen three terabytes of corporate data.
2. In response to initial inquiries, Hyundai Motor Europe classified the incident as an IT issue but later confirmed the cyberattack and is currently investigating the unauthorized access to its network.
3. The attack involved the theft of data related to various departments, including legal, sales, human resources, accounting, IT, and management, with evidence pointing to stolen folders from multiple Windows domains, including KIA Europe.
4. The Black Basta ransomware gang, operational since April 2022, has been tied to multiple double-extortion attacks and is associated with the QBot malware operation, known for using Cobalt Strike for remote network access.
5. Hyundai Motor Europe had previously disclosed a data breach in April 2023, affecting Italian and French car owners and those who booked a test drive. Additionally, Hyundai MEA’s X account was hacked to promote sites with crypto wallet drainers.
6. The Black Basta ransomware gang, an offshoot of the Conti ransomware operation, is noted for a series of high-profile attacks and is reported to have received over $100 million in ransom payments since its inception, based on a report from Corvus Insurance and Elliptic in November 2023.