Tag Archive for: Attack

Hackers expose Hyundai logistics data after apparent ransomware attack


Hackers leaked data related to Hyundai Motor America’s logistics operations on Monday and claimed responsibility for an apparent ransomware attack targeting the automaker and subsidiary Kia Motors America. 

Files posted by the DoppelPaymer ransomware gang contain information about Hyundai Glovis, the automaker’s global logistics firm, as well as documents related to a trucking partner, in addition to other data.   

Hyundai Motor America acknowledged that it had experienced an “IT outage,” but would not confirm that it had been targeted in a ransomware attack.

“Last week, Hyundai Motor America experienced an IT outage affecting a limited number of customer-facing systems and the majority of those systems are now back online,” the company said in a statement. “We would like to thank our customers for their continued patience. At this time, we can confirm that we have no evidence of Hyundai Motor America or its data being subject to a ransomware attack.”

The data leak came in the aftermath of an IT disruption that hit Kia Motors America more than a week ago. Bleeping Computer reported that DoppelPaymer had targeted Kia with a ransomware attack and was seeking $20 million in payment.

Brett Callow, a threat analyst with the security software firm Emsisoft, said the attack on Hyundai America could have led to attempts by DoppelPaymer to target any business partnerships.

DoppelPaymer is among a cohort of ransomware gangs that engage in double extortion tactics. Attackers seek to disrupt operations by locking companies out of their data, and they also steal it. Companies that refuse to pay ransoms can face public disclosure on leak sites.


North Korean military hackers indicted in cyber plot to rob banks, attack companies


Three North Korean computer programmers have been charged in Los Angeles with conspiring to steal and extort more than $1 billion in a sweeping array of cyberattacks against banks, other companies and cryptocurrency traders around the world, federal authorities announced Wednesday.



From left, Park Jin Hyok, Kim Il and Jon Chang Hyok are accused of conspiring to steal more than $1 billion in a sweeping array of cyberattacks. (U.S. Justice Department)

The hackers were working for a North Korean military agency, the Reconnaissance General Bureau, and pursuing strategic and financial goals of the country’s leader, Kim Jong Un, authorities said.

In an indictment unsealed Wednesday, a federal grand jury in Los Angeles charged that Jon Chang Hyok, Kim Il and Park Jin Hyok attacked banks, entertainment companies, online casinos, defense contractors, energy utilities and others in the U.S., Bangladesh, Mexico, Indonesia, Britain, Vietnam, Pakistan and other countries.



Federal authorities say embarrassing emails of Sony executives were hacked by North Korean computer programmers and made public as revenge for the studio’s release of “The Interview,” a comedy that mocked North Korea’s leader, Kim Jong Un. (Christopher Polk / Getty Images)

The victims included Sony Pictures Entertainment Inc. Embarrassing emails sent by Sony executives were made public in 2014, allegedly in retaliation for the studio’s release of “The Interview,” a comedy film that depicted the fictional assassination of Kim Jong Un. One of the accused hackers, Park, was charged in the Sony attack in 2018, and now the other two men are accused of having a hand in the incursion as well.

Beyond the Sony attack, the indictment announced Wednesday alleges a broader scheme to carry out various cybercrimes, including the attempted theft of $1.2 billion from banks across the globe, wide distribution of malicious cryptocurrency apps and spear-phishing campaigns to penetrate computer systems of U.S. defense contractors, the Pentagon and the U.S. State Department.

“As laid out in today’s indictment, North Korea’s…


Kia denies ransomware attack after days-long network outages


Kia Motors America has denied reports that it was a victim of a recent ransomware attack. The denial follows outages of online services across the United States that affected the processes dealers use to order vehicles and parts, as well as the UVO app that owners use to remotely start the vehicle and use its air conditioning feature.

According to reports in the US media, Kia released a statement saying that, based on all the information available, there is no evidence that either the company or its data has been the victim of a ransomware attack. While apologizing to customers for the inconvenience, Kia also said that efforts are under way to address the outage and that most of the repair processes are now in place and active. “We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely,” the statement read.

Cybersecurity news outlet BleepingComputer had reported earlier this week that, according to a note it had received, ransomware gang DoppelPaymer had demanded $20 million from Hyundai to decode scrambled data. Both Hyundai and Kia systems had faced outages this week, which resulted in many car owners taking to social media to complain. One buyer said she was unable to lease a Kia vehicle; most others said they were unable to turn on the car warming function remotely. Several others complained they were not able to start their vehicle through the app.

Associated Press reports that Kia has not yet confirmed whether the outage has delayed vehicle deliveries to dealerships, even as several other reports mention dealers facing pushed-back timelines.

At a time when cars around the world are coming packed with high-end features, such outages do pose a risk to ownership experience and may also be susceptible to online attacks from those with nefarious inten


US cities disclose data breaches after vendor’s ransomware attack



A ransomware attack against the widely used payment processor AFTS has sparked data breach notifications from numerous cities and agencies within California and Washington.

Automatic Funds Transfer Services (AFTS) is used by many cities and agencies in Washington and other US states as a payment processor and address verification service. As the data used for billing and verifying customers and residents is wide and varied, this attack could have a massive and widespread impact.

The attack occurred around February 3rd when a cybercrime gang known as ‘Cuba ransomware’ stole unencrypted files and deployed the ransomware.

The cyberattack has since caused significant disruption to AFTS’ business operations, making their website unavailable and impacting payment processing. When visiting their site, people are greeted with a message, stating, “The website for AFTS and all related payment processing website are unavailable due to technical issues,” as shown below.

Automatic Funds Transfer Services (AFTS) website

BleepingComputer discovered that the attack was conducted by a cybercrime operation known as ‘Cuba Ransomware’ after the hackers began selling AFTS’ stolen data on their data leak site.

Like other human-operated ransomware, Cuba will breach a network, spread slowly through servers while stealing network credentials and unencrypted files, and finally end the attack by deploying the ransomware to encrypt devices.

According to the data leak page, the Cuba gang claims to have stolen “financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents.”

Cuba ransomware data leak page for AFTS

If the ransomware gang cannot find a buyer for the data, they will likely release it for free, allowing the data to be used by other threat actors.

Affected cities and agencies

Due to the large amount of potential data allegedly stolen by the Cuba Ransomware operation, cities utilizing AFTS as their payment processor or address verification service have begun disclosing potential data breaches.

The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN…
