Hyundai Motor Europe, the European division of Hyundai Motor Company based in Germany, recently fell victim to a Black Basta ransomware attack known as Black Basta. The attackers have claimed to have accessed and stolen three terabytes of corporate data.
Hyundai Motor Europe Ransomware Attack
Although the attack was initially discovered in early January, Hyundai initially referred to the incident as mere IT issues when contacted for clarification.
“Hyundai Motor Europe is experiencing IT issues, which the company is working to resolve as quickly as possible,” Hyundai told BleepingComputer at the time.
“Trust and security are fundamental to Hyundai’s business and our priority is the protection of our customers, employees, investors, and partners.”
Following the exchange of additional information regarding the stolen data, Hyundai Motor Europe has officially confirmed that they indeed experienced a cyberattack.
“Hyundai Motor Europe is investigating in a case in which an unauthorised third party has accessed a limited part of the network of Hyundai Motor Europe,” Hyundai Motor Europe told BleepingComputer.
“Our investigations are ongoing, and we are working closely with external cybersecurity and legal experts. Relevant local authorities have also been notified. Trust and security are fundamental to our business, and our priority is the protection of our customers, employees, investors, and partners.”
Although Hyundai Motor Europe did not provide specific details about the type of attack they experienced, BleepingComputer reports that it was the work of the Black Basta ransomware operation. The threat actors behind the attack claimed to have successfully stolen 3 TB of data from Hyundai Motor Europe.
An image revealed lists of folders that were reportedly taken from multiple Windows domains, including those of KIA Europe. The folder names suggest that the stolen data pertains to various departments within the company, such as legal, sales, human resources, accounting, IT, and management. The exact nature of the stolen data, however, remains unknown.
In April 2023, Hyundai had previously reported a data breach that affected car owners in Italy and France, as well as individuals who had booked a test drive. Additionally, there has been a recent incident where Hyundai MEA’s X account was compromised, resulting in the promotion of websites associated with crypto wallet drainers.
What is Black Basta Ransomware?
The Black Basta ransomware gang initiated its operation in April 2022, employing a series of double-extortion attacks. By June 2022, Black Basta had formed an alliance with the QBot malware operation (QakBot) to deploy Cobalt Strike, enabling remote access to corporate networks. This access allowed Black Basta to propagate across network devices, exfiltrate data, and ultimately encrypt targeted devices.
Black Basta is suspected to be a splinter group of the well-known Conti ransomware operation, led by a former Conti leader.
Since its emergence, the threat actors behind Black Basta have been responsible for a series of high-profile attacks. Some notable victims include the Toronto Library, Capita, American Dental Association, Sobeys, Knauf, and Yellow Pages Canada.
According to a report by Corvus Insurance and Elliptic in November 2023, it is estimated that Black Basta has amassed over $100 million in ransom payments since its inception.
