Japan-headquartered automotive firm DENSO recently disclosed that it was hit by a cyberattack last week.

The announcement from the company, which specialises in fabricating car components, followed an up-and-coming ransomware outfit called Pandora leaking data it claimed was stolen from DENSO in an online strike.

Counted among the largest automotive component makers in the world, DENSO supplies numerous leading brands like General Motors, Fiat, Volvo, Honda, Ford, Mercedes-Benz and Toyota with an extensive selection of electronic, electrical and powertrain control parts.

While the manufacturing giant operates from Japan, it has more than 200 subsidiaries and close to 169,000 employees across the globe, and reported $44.6bn in revenue at the close of 2021.

Swift action after a cyberattack

In a recent press statement, DENSO confirmed that its German-based corporate network was successfully breached by malicious actors on Thursday, March 10.

The manufacturer said that it detected illegal access attempts and responded instantly to block the intruder reaching the rest of its network devices. As a result, only DENSO’s German division was impacted.

The company commented in its advisory:

“DENSO has confirmed that its group company in Germany network was illegally accessed by a third party on March 10, 2022. After the detecting the unauthorised access, DENSO promptly cut off the network connection of devices that received unauthorised access and confirmed that there is no impact on other DENSO facilities.”

Due to the immediate action taken, all the firm’s production plants, and additional facilities continued to operate as normal. This meant that no disruptions were expected in supply chain due to the cybersecurity incident.

Ransomware attack aimed at DENSO

Despite the fact that DENSO has stated that the attack has not inflicted any major harm on its operations, the Pandora ransomware group has now started leaking 1.4 terabytes of files that the threat actors allegedly stole when the network was breached.

Examples of the leaked data viewed so far show that files include technical schematics, purchase orders and non-disclosure agreements. However, the leaked data has not yet been verified as being legitimate.

DENSO has now informed the local law enforcement agencies and the appropriate authorities of the incident. As a result, if the files now in circulation by Pandora are authentic, sharing, copying, or publishing the data would constitute as an act of violation against the company’s intellectual property (IP) rights.

Pandora has its own dedicated encryptor, but it is as yet unknown if the gang successfully encrypted any files on DENSO’s corporate network before its infiltration was detected. At present, few details are available on the attack and DENSO has not yet confirmed how its systems were breached.

The attack aimed at the automotive manufacturer is the third strike in 2022 aimed at a car parts producer or automaker. Other enterprises hit include Bridgestone and Toyota, both of which were attacked in February. The world’s largest automaker, Toyota, was seriously impacted by the cyberattack which forced it to stop production at 14 different facilities in Japan.