November 28, 2023 at 02:44PM
The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, a major automotive parts supplier. The attack disrupted production at Stellantis, and Qilin has threatened to release sensitive data. Qilin is known for targeting companies in all sectors and recently rebranded its ransomware. Group-IB has infiltrated Qilin’s operations and shared intelligence on the group.
Key Takeaways:
1. The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, a major automotive parts supplier.
2. Yanfeng is a Chinese company specializing in interior components and has a global presence with over 57,000 employees in 240 locations.
3. Yanfeng supplies interior components to several well-known automakers, including General Motors, Volkswagen Group, Ford, Stellantis, BMW, Daimler AG, Toyota, Honda, Nissan, and SAIC Motor.
4. The cyber attack on Yanfeng had a direct impact on Stellantis, causing the car company to halt production at its North American plants.
5. Yanfeng remained unresponsive to inquiries about the situation, but its website recently came back online without any statements regarding the outage.
6. The Qilin ransomware group, also known as “Agenda,” has added Yanfeng to its Tor data leak extortion site and threatened to release all the data it has in the coming days.
7. Qilin is a ransomware-as-a-service (RaaS) platform that targets companies in various sectors and has been active since at least August 2022.
8. Group-IB was able to infiltrate Qilin’s operations and published a report in May 2023, providing details about the gang’s activities and target exclusions.