(Story updated 12/01/23 with comment from Sellix)
Data allegedly belonging to Volvo has appeared for sale on hacking forums. The automaker has acknowledged the breach, which appears to have been perpetrated by a new ransomware gang, Endurance.
The stolen information is being offered up for sale on the Breached.co hacking forum for $2,500 in Monero cryptocurrency.
Volvo data breach: information appears on hacking forums
The hackers behind the sale are part of a newly established Serbian cybercrime gang Endurance, which was first spotted on the dark web in November.
“I am currently selling the following information,” explains Endurance-member IntelBroker in a forum post, followed by a list of sensitive data points, including access to company databases, WiFi points and logins, employee lists and software keys.
What follows is a list of screenshots, including telematics on vehicles made for police, internal presentations, project management dashboards and car part schematics. Some of the documents appear to be dated as late as December 2022.
The hacker was using technology from Sellix, which enables digital transactions using cryptocurrency, to market the stolen information. A spokesperson for Sellix said: “The threat actor tried to sell the data with our technology, we confirmed to them that no invoice was ever fulfilled and no content hosted and we took it down as soon as we found out about it.”
Volvo has acknowledged the breach, but said in a statement: “The company has not been approached with a ransom demand. Based on information available, the company does not currently see an impact on its business or operations.”
IntelBroker claims that the stolen data is the result of a ransom attempt, but says the group assumed Volvo would not respond and is therefore selling the data immediately instead.
If confirmed, this breach would not be the first for the car company. In December 2021, Volvo admitted one of its file repositories had been illegally accessed by a third party. “Investigations so far confirm that a limited amount of the company’s R&D property has been stolen,” the company said at the time.
Endurance: new kids on the ransomware block?
Endurance came to prominence last year when it claimed to be selling 2GB of data stolen from the US government. However, much of this information appeared to have already been in the public domain.
The gang has a GitHub repository where it appears to be selling its own malware, called Endurance Wiper.