Swedish motor vehicle manufacturer Volvo Cars confirmed that cybercriminals had breached the company systems and stolen research and development (R&D) data from one of its file repositories.
The firm revealed that one of its file repositories had been accessed by a third party actor, although a “limited amount” of the company’s sensitive data had been affected. Volvo said that investigations were launched as soon as the property theft was detected.
As such, the company responded to the breach by launching a host of cybersecurity countermeasures, including mechanisms to stop any further access to its intellectual property. It also alerted the relevant law enforcement authorities that would help identify the culprits and prevent further damage.
Interestingly, the cyberattack appears to have targeted Volvo’s R&D data, which reflects a totally different scenario to the host of data breaches that have led to customer information being lost and sold on the dark web.
As such, customers have been asked not to worry that their information has been affected by the hack.
Who Was Behind the Hack?
So far, no one clearly knows the origin of the third-party data breach, or identified the threat actors behind the hack. The company sent out a warning that the cyberattack may affect its operations, a factor that led to Volvo’s stock taking a 3.5 percent drop in Stockholm according to market observers.
However, a Swedish-language article by the media house Inside-it came across a screenshot on a dark web platform that pointed the cyberattack to a ransomware gang called Snatch – the investigators found Volvo data that had been published on a site that’s being operated by the threat actors.
What’s even more interesting is that the latest development involving the hacking of a car maker was predicted before.
Notably, a cybersecurity report compiled by the digital risk protection firm CyberAngel had noted the severe vulnerability of the car making industry to ransomware attacks owing to the vast availability of exposed credentials across dark web platforms.
It turns out that a CyberAngel investigation found that highly sensitive information had been accessed by unauthorized actors, including intellectual properties belonging to automotive companies, personal information, blueprints of sensitive car components and manufacturing premises, secret agreements, and human resources materials.