Hyundai Europe claimed as latest ransom victim of Black Basta


The Hyundai Motor Corporation’s European division has reportedly been the victim of a January ransomware attack carried out by the Russian-linked Black Basta ransom gang.

The seasoned ransom gang is said to have nabbed about 3TB of data from the German-based division.

Hyundai has now confirmed to Cybernews it was the victim of a cyber breach, but stopped short of calling the security event a full blown ransomware attack.

"Hyundai Motor Europe is investigating a case in which an unauthorized third party has accessed a limited part of the network of Hyundai Motor Europe,” a Hyundai spokesperson told Cybernews on Friday.

“Our investigations are ongoing, and we are working closely with external cybersecurity and legal experts,” the company said.

In early January, the South Korean automaker had said it was “experiencing IT issues” that the company was “working to resolve as quickly as possible,” according to BleepingComputer, who first reported the story on Thursday.

The media outlet apparently became privy to new information this week, connecting Black Basta to the incident and the alleged 3TB of stolen data.

At the time of publishing, Cybernews has not seen any mention of Hyundai or the alleged stolen data on Black Basta's dark leak site, although often, an extortion group will wait to post about its victims until ransom negotiations have firmly broken down.

Furthermore, Hyundai has not revealed which systems were compromised in the attack, what sensitive data may have been accessed, and how much.

“Trust and security are fundamental to Hyundai's business and our priority is the protection of our customers, employees, investors, and partners," the automaker said in its statement to Cybernews.

Dan Lattimer, Vice President at Semperis, a US-based Active Directory security firm, said that ransomware cartels, like Black Basta, are comparable to “schoolyard bullies” who can breach an organization and “take whatever they want.”

Hyundai’s confirmation of a third-party attack, purportedly carried out by the Black Basta ransomware gang, “highlights the advantages persistent and motivated threat groups have against even the largest companies in the world,” Lattimer explained.

“Hyundai deploys a deep and talented team of security professionals, has prevented hundreds of cyberattacks from becoming significant, but yet again finds itself in the crosshairs again,” Lattimer said, referring to several other cybersecurity incidents the car manufacturer has experienced in the past.

Last April, Hyundai’s European arm suffered another major cyberattack exposing the personal information of its customers in France and Italy. The attackers in that breach were never identified.

"Today, global organizations have to assume a post-breach mindset, vastly improve their response and recovery times to limit disruptions," Lattimer said. "Now is the time for defenders to fight back," he added.

Additional security flaws in the automaker’s software have been exploited before, including a bug found by researchers that allowed them to control critical features of the vehicle, including door locks and the engine.

In 2021, Hyundai also fell victim to the infamous TikTok challenge, where viral videos spread across the US, showing viewers how to bypass the vehicle's security system and hotwire the cars with only a screwdriver and USB cable.

Hyundai stated that in addition to the investigation involving the January attack, "relevant local authorities have also been notified."

Black Basta is believed to be an offshoot of the notorious Conti ransomware gang and has raked in at least over $100 million in Bitcoin ransom payments since its inception in early 2022, according to a November 2023 report by Elliptic and Corvus Insurance.