View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 5, 2023updated 12 Jan 2023 6:31pm

Volvo data breach sees information offered for sale on hacking forums

A breach of the automaker has seen information stolen and posted online, but the company says it has not received a ransom demand.

By Claudia Glover

(Story updated 12/01/23 with comment from Sellix)

Data allegedly belonging to Volvo has appeared for sale on hacking forums. The automaker has acknowledged the breach, which appears to have been perpetrated by a new ransomware gang, Endurance.

Data apparently belonging to Volvo has appeared on various hacking forums. (Photo by William Barton/Shutterstock)

The stolen information is being offered up for sale on the hacking forum for $2,500 in Monero cryptocurrency. 

Volvo data breach: information appears on hacking forums

The hackers behind the sale are part of a newly established Serbian cybercrime gang Endurance, which was first spotted on the dark web in November. 

“I am currently selling the following information,” explains Endurance-member IntelBroker in a forum post, followed by a list of sensitive data points, including access to company databases, WiFi points and logins, employee lists and software keys. 

What follows is a list of screenshots, including telematics on vehicles made for police, internal presentations, project management dashboards and car part schematics. Some of the documents appear to be dated as late as December 2022.

The hacker was using technology from Sellix, which enables digital transactions using cryptocurrency, to market the stolen information. A spokesperson for Sellix said: “The threat actor tried to sell the data with our technology, we confirmed to them that no invoice was ever fulfilled and no content hosted and we took it down as soon as we found out about it.”

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Volvo has acknowledged the breach, but said in a statement: “The company has not been approached with a ransom demand. Based on information available, the company does not currently see an impact on its business or operations.”

IntelBroker claims that the stolen data is the result of a ransom attempt, but says the group assumed Volvo would not respond and is therefore selling the data immediately instead.

If confirmed, this breach would not be the first for the car company. In December 2021, Volvo admitted one of its file repositories had been illegally accessed by a third party. “Investigations so far confirm that a limited amount of the company’s R&D property has been stolen,” the company said at the time.

Endurance: new kids on the ransomware block?

Endurance came to prominence last year when it claimed to be selling 2GB of data stolen from the US government. However, much of this information appeared to have already been in the public domain. 

The gang has a GitHub repository where it appears to be selling its own malware, called Endurance Wiper.

Read more: Twitter data breach ‘worse than first thought’, researchers claim

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.