Another Toyota supplier has been targeted in a cyberattack. This time it’s Denso Corp., a global automotive manufacturer based in Japan that is also 25% owned by Toyota.
The Pandora ransomware gang has claimed responsibility and said it has stolen 1.4 terabytes of data belonging to Toyota. The data stolen is believed to include trade secrets, including more than 157,000 purchase orders and invoices, emails, and parts diagrams.
Denso described the attack in a statement today as illegal access to a subsidiary in Germany on March 10. The company cut off the network connection of affected devices and confirmed there was no impact on other Denso facilities. The attack is under investigation, authorities have been informed and the company is working with specialized cybersecurity agencies to deal with the situation.
Although Pandora has claimed responsibility for the attack, it’s not certain that ransomware was used or whether it was simply straight data theft with a ransom demanded not to release the stolen data. It was the same with the attack on Kojima Industries and several recent attacks. Pure data theft and extortion is an emerging trend among some criminal enterprises previously known for ransomware attacks alone.
Denso would have been linked to Toyota’s kanban just-in-time production control system. It could simply be a coincidence, but that platform connects all of Toyota’s suppliers and is a common link between the victims.
As this is the second of Toyota’s suppliers to be targeted by threat actors, perhaps it’s time for Toyota to consider evaluating third-party risk due diligence with respect to strong cyber hygiene.