Hackers blackmail Bosh as secret engineering files surface on the dark web
Hackers give an ultimatum to German engineering giant.

A ransomware gang claims to have stolen sensitive engineering data from Bosch through an alleged breach of technology company Synopsys. This raises concerns that proprietary hardware designs could be exposed.
D1R ransomware gang listed a German multinational engineering giant, Bosch, on its dark web leak site, giving the company 11 days to make contact and negotiate before the data is allegedly published.
The provided data sample is quite worrying, as the document appears to be related to hardware communications used in Bosch products. However, the scope of the alleged breach is still unconfirmed.
Among the files is a screenshot showing the first page of a Controller Area Network (CAN) user manual. CAN is an industry-standard communication protocol originally developed by Bosch in 1983.
It enables electronic components to communicate with one another and is widely used in vehicles, including cars, trains, and aircraft. The protocol also powers communication between components in numerous embedded systems and consumer devices.
"These networks are mainly used for communication between multiple hardware components, so in Bosch's context, this could relate to products ranging from household appliances to automotive components," Cybernews researchers said.
Hardware design files raise additional concerns
The ransomware gang also published a directory listing of stolen files. Researchers noted that the filenames include numerous .vhd files alongside other project files.
These files could include VHDL source code, which is used to design hardware via code. If proved to be legitimate, such files could reveal details about proprietary hardware development.
"This increases the risk of exposing how Bosch designs its hardware, which could be valuable both to competitors and to attackers interested in hardware hacking," Cybernews researchers said.
Attackers claim a third-party breach
If true, the incident could be classified as a third-party supply chain breach, where attackers compromise a technology provider to gain access to customer data.
Rather than claiming a direct intrusion into Bosch's systems, D1R says the data was obtained through an alleged breach of Synopsys, a US-based company whose software is widely used for semiconductor and electronic design automation.
D1R is a new name in ransomware field, with not much known about these attackers. So far, the gang has only three victims listed on their leak site.
The gang also listed Synopsis in a separate entry, claiming to have exfiltrated a database of 40,000 corporate clients. The same 11-day countdown was set for this entry, while attackers provided a list of client databases as proof of their claims.
“Our cybersecurity assessment team has discovered a vulnerability in Synopsis,” attackers said. “A flawed logic in their registration form has allowed our team to pull an entire 40,000 corporate client database without internal access.”
Cybernews reached out to Bosch and Synopsis for a comment. We will update the article once the response is received.
Hackers have targeted Bosch before
It is not the first time the Bosch name appears on illicit communication channels. Last year, cybercriminals claimed on Telegram that they had snatched sensitive data about approximately 800 customers' networks.
Bosch was among those affected. The data came from a US software company, Red Hat. The breach, confirmed by the company, affected GitLab repositories. Among the stolen data were various configuration files and internal tools.
In 2021, reportedly, a threat actor listed on an illicit marketplace source code exfiltrated from Bosch’s 5G IoT connectivity platform.