Volvo Security Breach: Criminal Sells Details of Car Models, Layouts on the Dark Web

Confidential information from the systems of Swedish vehicle manufacturer Volvo Cars was posted on the hacker forum by an unknown threat actor.

The screenshots of the stolen data samples revealed car models, features, layouts, tender details, and police cars, among others. The criminal also stated that they might sell the data as the company’s chances of paying a ransom seemed bleak.

The forum post titled, ‘VOLVO CARS RANSOMWARE LEAK’ published on December 31, read, “Recently, as of a week ago, almost, Volvo cars fell victim to the Endurance Ransomware.
This has been ongoing, and I have only just happened to come across the data that has been in a backlog. I have refused to ask for a ransom payment because I have suspicions that they won’t pay.
Regardless I am selling it here.”

The post suggested that the Endurance ransomware gang had gained remote access to the systems of the Swedish multinational vehicle manufacturer. The gang allegedly ‘dumped’ the system data on the cybercrime forum, which the publisher of the recent post attained.

The cybercriminal on the forums also stated that there was more information on ‘resolved reports’ of exploits that were in their possession and were on sale, along with the posted samples.

The data samples on the forum and car model details, including the existing and upcoming ones, were offered for $2,500. They asked for payment to be made in XMR cryptocurrency or Monero. The post read that ‘middlemen’ was not optional, probably suggesting the involvement of another person in the illegal sale.

Screenshots of the data supposedly possessed by the unidentified cybercriminal that they are illegally selling:

The post claimed to be selling the following information:

1. Database access
2. CICD access
3. Atlassian access
4. Domain access
5. WiFi points and logins
6. Auth bearers
7. API, PAC security access
8. Employee lists
9. Software licenses and keys
10. System files

If the claim that the cyberattack is underway is valid, then the Swedish automobile giant Volvo will need to scan their systems for unauthorized access after reporting to legal authorities.

The Endurance ransomware group

It is speculated that the gang is run by a single cybercriminal called ‘IntelBroker’. Endurance group has breached several government systems in the United States of America. On November 15, IntelBroker broke a post on BreachForum, a known hacker forum, about an attack on the federal government of the U.S. Similar to the Volvo data dump, the attacker released several screenshots of data that they had no hope of being paid a ransom for.