According to a post on a well-known hacker forum, Volvo Cars has experienced a new data breach, with stolen information allegedly being made available for sale.
Anis Haboubi, a French cybersecurity expert, was the first to discover that a threat actor was seeking to sell data purportedly taken from Volvo Cars on a well-known hacking site.
On December 31, 2022, a forum member operating online with the moniker IntelBroker reported that VOLVO CARS had been the target of a ransomware attack. He alleges that the Endurance Ransomware gang attacked the company and stole 200GB of private information that is now being sold.
The seller mentioned that he doesn’t demand a ransom because he thinks the victim won’t pay it.
“The company has not been approached with a ransom demand. Based on the information available, the company does not currently see an impact on its business or operations”, according to a Volvo representative.
IntelBroker is offering the relevant data for $2500 in Monero, and he shared a number of screenshots as evidence of the hack. He forbids any escrow, which is a highly suspicious situation.
According to reports, the leak included sensitive data like access to several of the company’s databases, WiFi logins and points, employee listings, software keys, and other private data.
“I am currently selling the following information:
Database access, CICD access, Atlassian access, domain access, WiFi points, and logins, auth bearers, API, PAC security access, employee lists, software licenses, and keys and system files.” reads the announcement on the hacking forum.
“There is much data on “unresolved” reports of exploits. I have taken them all and they will also be included in this sale.”
It’s notable that the attacker shared screenshots of allegedly stolen data that indicate details about vehicles the company sells to law enforcement agencies, especially in Europe.
Threat actors have set a relatively low price of $2,500 for the dataset, indicating that the data may not be as sensitive as the seller would want.
If genuine, this would be Volvo’s second security compromise in less than 18 months. The company claimed that a “small portion” of its R&D assets had been taken during the breach in late 2021.
Hence, it’s unclear at this moment whether the seller is seeking to sell information from the 2021 data breach or if there has been a new data leak. Some users of the same hacker site said that since last week, the company’s unsecured Citrix access has been exposed online.
Security researchers released their car hacking research discussing vulnerabilities affecting millions of vehicles, and lots of different car companies such as Kia, Toyota, BMW, Rolls Royce, Ferrari, Ford, and many more. If an attacker were able to find vulnerabilities in the API endpoints that vehicle telematics systems used, they could honk the horn, flash the lights, remotely track, lock/unlock, and start/stop vehicles, completely remotely. Their goal was to find vulnerabilities affecting the automotive industry. This write-up details their work exploring the security of telematic systems, automotive APIs, and the infrastructure that supports them. Details: https://samcurry.net/web-hackers-vs-the-auto-industry/
Infosec books | InfoSec tools | InfoSec services
