Qilin ransomware claims cyberattack against China’s Yanfeng

December 7, 2023

The Qilin ransomware group has claimed responsibility for a recent cyberattack on Yanfeng Automotive Interiors (Yanfeng).

The affected entity is one of China’s most prominent automotive parts developers and one of the world’s largest suppliers. Moreover, the company is home to over 57,000 employees spread across 240 locations globally. This latest attack against Yanfeng has significantly disrupted the automotive industry.

The attack, which occurred earlier this month, impacted not only Yanfeng but also Stellantis. This event has forced the car company to stop production at its North American plants temporarily.

Stellantis revealed that the disruption resulted from an “issue” with an external supplier, and production at affected plants resumed by November 16. Yanfeng, however, has not disclosed any details about the hack and has provided no comments on the situation. In addition, the company’s main website became inaccessible during the incident, leaving concerned individuals more anxious.

The Qilin ransomware group stated they are the culprit behind the threat campaign.

Investigations quickly confirmed the identity of the alleged attackers after the Qilin ransomware group added Yanfeng to its Tor data leak extortion website. According to reports, the attackers have showcased their alleged access to sensitive systems and files.

The published samples included financial documents, non-disclosure agreements, quotation files, technical data sheets, and internal reports, serving as ominous proof of their intrusion.

Qilin, formerly named ‘Agenda,’ rebranded its ransomware this year and has since targeted companies across various industries. Additionally, the group employs a ransomware-as-a-service (RaaS) platform, offering a disturbingly effective tool for cyber extortion. These ransomware operators have demonstrated a capacity for customisation in their attacks, manipulating processes and file extensions to maximise impact.

Researchers have managed to infiltrate Qilin’s operations and published a May 2023 report detailing the group’s modus operandi. The report revealed insights into Qilin’s recruitment practices, administrative panel features, and the types of organisations they intentionally avoid targeting.

The threat of data leaks could still impact Yanfeng, since the Qilin ransomware group has warned the company that it may release all accessed data in the coming days. The incident is another example of how vulnerabilities within the supply chain affect various industries. Organisations should therefore prioritise patching these flaws with new updates.
