Swedish automaker Volvo Cars confirmed a cyber security breach that allowed hackers to access its research and development data.
The company disclosed that a third party illegally accessed one of its file repositories and took a limited amount of R&D data during the intrusion. Volvo’s investigation found that the incident could affect its operations.
Subsequently, the Snatch cyber threat group added Volvo’s logo and screenshots of allegedly stolen data to its data leak site and leaked 35.9 MB as proof of responsibility.
Based in Gothenburg, Sweden, the Chinese Geely Holdings-owned manufacturer employs about 40,000 people globally. Its sales were over $15 billion in the first half of 2021, and the company held Europe’s largest IPO of 2021 on October 29.
Volvo acknowledges a security breach that leaked R&D data
Volvo’s data breach notification said it acted “immediately and implemented security countermeasures including steps to prevent further access to its property and notified relevant authorities.”
The company also commenced an investigation into the security breach and involved a third-party cybersecurity specialist. Preliminary results of the probe confirmed that an unauthorized party illegally accessed the company’s R&D data.
Additionally, the investigators suggested that the security breach could have potential impacts on the company’s operations.
“Investigations so far confirm that a limited amount of the company’s R&D property has been stolen during the intrusion,” the company wrote. “Volvo Cars has earlier today concluded, based on information available, that there may be an impact on the company’s operation.”
Volvo did not explain the nature of the stolen R&D data or the scope of the security breach. Additionally, the company refused to comment further on the incident.
Volvo’s response to additional information requests stated that the company does not comment on speculations about possible cybersecurity attacks but takes all threats and property thefts seriously.
Similarly, the company claimed that cybersecurity was a priority, and it “actively participates in the international work on standardization and best practices, applying and contributing to the cybersecurity recommendations accepted by the industry.”
The company also assured the public that the security breach did not affect the “safety or security of its customers’ cars or their personal data.” Taken together, these details suggest a corporate cyber-espionage incident targeting R&D data.
“The situation that Volvo finds itself in highlights a peripheral danger in leaked or stolen enterprise data: the threat of intellectual property and other proprietary information falling into the wrong hands,” said Trevor Morgan, product manager at Comforte AG.
Volvo hackers ‘Snatch’ deny being a ransomware group
The media outlet Inside-It reported that the cybercrime gang Snatch took responsibility for the security breach on November 30, 2021.
The Snatch ransomware variant forces infected Windows PCs to reboot into Safe Mode and encrypts files from there. The tactic lets the malware evade endpoint security products that do not run in Safe Mode.
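As an added example (not from the article, and not a vendor analysis of Snatch), the Python below shows detection logic a SOC could run over endpoint telemetry to catch the Safe Mode staging step: a `bcdedit ... safeboot` command, a service registered under the `SafeBoot\Minimal` or `SafeBoot\Network` registry key (the mechanism Windows uses to let a service start in Safe Mode), and a forced reboot that follows on the same host. The hostnames, users and events are constructed; that the actor uses exactly these commands is an assumption, the point is the staging pattern.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry (not from the Volvo incident): a chronological mix of
# process-creation and registry-write events as an EDR or Sysmon pipeline might emit them.
SAMPLE_EVENTS = [
    {"host": "WS01", "type": "process", "user": "CORP\\jdoe",
     "cmdline": "bcdedit.exe /set {current} safeboot minimal"},
    {"host": "WS01", "type": "registry", "user": "CORP\\jdoe",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SuperBackupSvc",
     "data": "Service"},
    {"host": "WS01", "type": "process", "user": "CORP\\jdoe",
     "cmdline": "shutdown.exe /r /f /t 00"},
    {"host": "WS02", "type": "process", "user": "CORP\\itops",
     "cmdline": "bcdedit /enum"},  # benign: only lists boot entries
    {"host": "WS03", "type": "process", "user": "NT AUTHORITY\\SYSTEM",
     "cmdline": 'shutdown /r /t 300 /c "Monthly patch reboot"'},  # benign reboot
]

# bcdedit is the standard way to make the next boot a Safe Mode boot.
SAFEBOOT_CMD = re.compile(r"\bbcdedit(?:\.exe)?\b.*\bsafeboot\b", re.IGNORECASE)
# Services listed under SafeBoot\Minimal or SafeBoot\Network are allowed to start in Safe Mode.
SAFEBOOT_KEY = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Control\\SafeBoot\\(?:Minimal|Network)\\",
    re.IGNORECASE)
# A reboot on its own is low severity; it only matters after a Safe Mode boot was staged.
FORCED_REBOOT = re.compile(r"\bshutdown(?:\.exe)?\b.*\s[/-]r\b", re.IGNORECASE)


@dataclass
class Finding:
    host: str
    rule: str
    severity: str
    detail: str


def analyze(events):
    """Return one Finding per suspicious event, in the order the events were seen."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            cmd = ev["cmdline"]
            if SAFEBOOT_CMD.search(cmd):
                findings.append(Finding(ev["host"], "safeboot_bcdedit", "high", cmd))
            elif FORCED_REBOOT.search(cmd):
                findings.append(Finding(ev["host"], "forced_reboot", "low", cmd))
        elif ev["type"] == "registry" and SAFEBOOT_KEY.search(ev["key"]):
            findings.append(Finding(ev["host"], "safeboot_service_key", "high", ev["key"]))
    return findings


def escalate(events):
    """Hosts where a Safe Mode boot was staged and a reboot was then forced afterwards."""
    staged, hosts = set(), set()
    for f in analyze(events):
        if f.rule in ("safeboot_bcdedit", "safeboot_service_key"):
            staged.add(f.host)
        elif f.rule == "forced_reboot" and f.host in staged:
            hosts.add(f.host)
    return hosts


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.host:5} {f.severity:5} {f.rule:22} {f.detail}")
    print("escalate:", sorted(escalate(SAMPLE_EVENTS)))
```

The ordering matters: `escalate` only raises a host when the reboot comes after the staging event, so routine patch reboots (WS03) stay at low severity, and read-only `bcdedit /enum` calls (WS02) produce nothing. Seeing the `safeboot` edit alone is already worth an alert, because the encryptor has not run yet at that point.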
However, the threat actors denied any association with the ransomware group, according to Bleeping Computer. The group distanced itself from “projects created earlier under the same name,” adding that they do not demand a ransom to decrypt data.
Additionally, the group claimed to work exclusively with its potential customers’ data. That statement supports the earlier suggestion that the R&D data theft was a cyber-espionage incident.
KnowBe4’s security awareness advocate Erich Kron noted that the incident demonstrated how intellectual property was under threat.
“Although ransomware groups are often involved in the theft of personal information, this is an example of how corporate information and intellectual property can also be a target,” Kron said. “Most ransomware is spread through phishing emails or through exploiting RDP instances open to the internet.”
Kron also noted that Snatch threat actors use RDP for lateral movement across the network. He recommended strong passwords, avoiding password reuse, and monitoring RDP connections for brute-force attacks.
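To make that last recommendation concrete, here is an added Python example (not part of the article) that counts failed RDP logons (Windows Security event 4625) per source IP in a sliding window and raises a second, higher-priority alert when the same source then logs on successfully (event 4624, logon type 10). The rows are a constructed CSV export, and the threshold and window are assumed starting points to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (not Volvo's logs): one row per Windows Security event,
# as "timestamp,event_id,logon_type,target_user,source_ip". 4625 = failed logon,
# 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2021-11-30T02:00:01,4625,10,administrator,203.0.113.7
2021-11-30T02:00:03,4625,10,admin,203.0.113.7
2021-11-30T02:00:05,4625,3,backup,203.0.113.7
2021-11-30T02:00:08,4625,10,sql_svc,203.0.113.7
2021-11-30T02:00:11,4625,10,svc_backup,203.0.113.7
2021-11-30T02:00:14,4625,10,svc_backup,203.0.113.7
2021-11-30T02:00:30,4624,10,svc_backup,203.0.113.7
2021-11-30T09:15:00,4625,10,jsmith,198.51.100.4
2021-11-30T09:16:10,4624,10,jsmith,198.51.100.4
"""


def parse(text):
    """Turn the CSV export into event dicts with real datetime objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, user, ip = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(eid),
                       "logon_type": int(ltype), "user": user, "src_ip": ip})
    return events


def detect(events, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window brute-force detection keyed on the source IP of each logon event."""
    failures = defaultdict(deque)  # src_ip -> timestamps of failures inside the window
    flagged = set()                # sources already alerted on, to avoid repeat alerts
    alerts = []
    for ev in events:
        ip, ts = ev["src_ip"], ev["ts"]
        q = failures[ip]
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        # With NLA enabled, RDP pre-auth failures are logged as logon type 3 (network),
        # so both types are counted per source IP; tune if this is noisy in your estate.
        if ev["event_id"] == 4625 and ev["logon_type"] in (3, 10):
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"rule": "rdp_brute_force", "src_ip": ip,
                               "user": None, "ts": ts, "failures": len(q)})
        elif ev["event_id"] == 4624 and ev["logon_type"] == 10 and len(q) >= threshold:
            # A success right after a burst of failures is the one to respond to first:
            # the guessed account is now a live RDP session for the attacker.
            alerts.append({"rule": "rdp_brute_force_success", "src_ip": ip,
                           "user": ev["user"], "ts": ts, "failures": len(q)})
    return alerts


if __name__ == "__main__":
    for a in detect(parse(SAMPLE_LOG)):
        print(a["ts"].isoformat(), a["rule"], a["src_ip"], a["user"], a["failures"])
```

In production the source address comes from the event's "Source Network Address" field, and the same logic should also key on the target account, since password spraying rotates accounts while keeping the per-IP rate low; the single-user jsmith failure followed by a success is the normal case the rule must not fire on.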
“Automotive manufacturers go to great lengths to keep next model year vehicles from prying eyes, and the same is true for data, especially R&D data,” Chris Clark, Senior Manager at Synopsys Software Integrity Group, concluded. “Protecting key assets like research data is especially critical in a high-intensity market like automotive.”