The notorious Knight ransomware group has asserted responsibility for a cyberattack on BMW Munique Motors, the authorized BMW dealership for the State of Rondônia. This cyberattack claim was posted on the dark web channel frequently used by the Knight ransomware group.
Adding to the gravity of the situation, the threat actors left a message for visitors, stating, “At the end of the countdown, the download links will be displayed here.”
This post was made public on October 15 and contained a “Disclosed Links” section where the threat actor aims to release the download links for the stolen files.
However, it’s important to note that the Knight ransomware group clarified that their target was the official BMW dealership in the State of Rondônia and not the parent company itself.
Upon receiving news of the cyberattack on BMW Munique Motors, The Cyber Express promptly sought an official confirmation from the organization.
However, at the time of writing this, no official statement or response has been received, leaving the claims surrounding this cyberattack on BMW Munique Motors stand unverified.
Interestingly, despite the severity of the claims, the website for BMW Munique Motors remains operational and shows no overt signs of an attack.
This suggests that the threat actors may have targeted the organization’s backend database, highlighting the sophisticated nature of the cyberattack.
This cyberattack on BMW Munique Motors follows an earlier attack on BMW France by the Play Ransomware group, which claimed responsibility. The group issued an ultimatum, threatening to release stolen data on the dark web if their ransom demand was not met by April 9, 2023. The compromised data reportedly included clients’ documents, contracts, and financial information.
In 2022, BMW France again fell prey to a major cybersecurity breach when its social media accounts were hacked, resulting in damage to the esteemed German automaker’s reputation. The Knight ransomware group emerged in August 2023, evolving from the infamous Cyclops ransomware. This threat operator offers payloads in both normal and ‘lite’ versions, signifying a new level of sophistication in cybercriminal tactics.
Operating as a multi-extortion group, Knight ransomware adopts a TOR-based blog to list victim names alongside any exfiltrated data, applying aggressive coercion techniques to secure payment and prevent public data leaks. This group has actively advertised and sold its services on the RAMP forum.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Map Protocol MAPO plunged 96% after a bridge exploit minted quadrillion tokens, draining ETH liquidity and exposing major DeFi bridge…
Discord’s announcement arrives during a period of shifting encryption policies across the technology sector.
CVE-2026–5140 exposes critical flaws in Pardus Linux, allowing attackers to gain root access without authentication in seconds.
The investigation remains ongoing as authorities continue working to identify additional individuals connected to the operation.
The GitHub cyberattack linked to TeamPCP exposed internal repositories through a malicious VS Code extension compromise.
Regulators are increasingly focusing on how platforms respond to these threats, particularly when victims struggle to remove harmful content quickly.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More