Security Experts:

Connect with us

Hi, what are you looking for?



Car Parts Giant Denso Targeted by Ransomware Group

Japanese car parts giant Denso on Monday said hackers recently accessed its network in Germany, and the incident appears to have involved a piece of ransomware.

Japanese car parts giant Denso on Monday said hackers recently accessed its network in Germany, and the incident appears to have involved a piece of ransomware.

Denso, ​​one of the world’s largest technology and component providers for the automotive industry, said its network was illegally accessed on March 10.

The Fortune Global 500 company shut down the network connections of compromised devices after detecting the breach. The incident has not led to disruption of production activities, with plants operating normally, Denso said.

While the company has not shared any information about the attackers, a cybercrime group named Pandora has taken credit for the attack, claiming to have stolen 1.4 Tb of data.

In an effort to demonstrate their claims, the hackers have made available a list of files allegedly stolen from Denso, as well as several images of documents. Based on the list of files provided by the hackers, tens of thousands of documents, spreadsheets, presentations and images have been compromised, including many that reference customers and employees.

It’s unclear how the hackers gained access to Denso’s network, but after Pandora announced the attack, one researcher said he warned the company a couple of months ago that threat actors had been selling access to its network.

[ READ: Ransomware Gang Threatens to Leak Files Stolen From Tire Giant Bridgestone ]

The Pandora ransomware appears to be new, but several experts say it’s a rebranding of the Rook ransomware. And while Denso said it was breached on March 10, the company was also listed on Rook’s leak website back in late December 2021. The hackers at the time claimed to have stolen 1.1 Tb of files.

In addition to using malware to encrypt files on compromised systems, the cybercriminals steal files from victims in an effort to increase their chances of getting paid. The group’s data leak website currently lists five victims, all announced in the past month.

Attacks on suppliers can have serious implications for the automotive industry. The news of a breach at Denso comes two weeks after Toyota halted operations at its plants in Japan after a major supplier was hit by a cyberattack. Denso is also a supplier for Toyota, but the incidents do not appear to be related.

“With the Pandora hacking group claiming 1.4TB of data has been stolen, it’s imperative that manufacturers secure their data, not just their networks,” said Shane Curran, CEO at Irish encryption firm Evervault. “Manufacturers must understand how strong their encryption is and whether they’re inadvertently storing information in a way that makes it easy for cybercriminals to access sensitive information, not just about themselves but their partners and customers.”

Related: Colossus Ransomware Hits Automotive Company in the U.S.

Related: Hackers Steal Research Data From Sweden’s Volvo Cars

Related: After IT Outage, Carmakers Kia and Hyundai Say No Evidence of Ransomware Attack

Related: German Auto and Defense Firm Rheinmetall Says Malware Hit Several Plants

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...