November 30, 2021: R&D Data Breach at Volvo Cars
Car company Volvo suffered a cyberattack on some of its research and development property, the manufacturer said in a press release. Volvo Cars said "it could impact the company's operation", but did not specify what that might be.
In a statement published on the dark web on the evening of November 30, the Snatch ransomware gang said it had attacked the Volvo Car Corporation (VCC). Snatch published screenshots of allegedly stolen data from the Volvo hack on a Darknet website viewed by inside-it.ch.
December 28, 2022: Hacker Allegedly Sells Sensitive Data from Volvo
A threat actor is allegedly selling sensitive data, including information on vehicles the company sells to law enforcement.
Somebody has posted an ad on a popular hacking forum, claiming they are selling sensitive data of the Swedish manufacturing giant Volvo.
The threat actor behind insists that the company fell victim to a ransomware attack in late December. However, the attacker decided to sell the data instead, being convinced that Volvo would not pay the ransom. The relatively modest price set for the dataset signals the information might not be as sensitive.
Coop, one of Sweden’s largest supermarket store chains, has shut down nearly 800 stores across the country after one of its contractors was hit by ransomware in the aftermath of the Kaseya security incident on Friday. The stores were closed after cash registers and self-serving stations went down and prevented Coop employees from processing in-store payments. Stores remained closed for two days.
The incident took place at the same time that a ransomware gang managed to infiltrate its way into the network of Kaseya, a provider of remote management app solutions, and deployed a version of the REvil ransomware to some of Kaseya’s customers, disguised as an update to the VSA software.
February 19, 2022: Axis Communications Hit in Cyberattack
Axis Communications, a Swedish maker of network cameras and other physical security solutions used by government and private sector organizations globally, suffered a cyberattack earlier this month that disrupted its operations, company officials said.
“On the night between Saturday February 19 and Sunday February 20, Axis was the subject of a cyberattack. Using several combinations of social engineering, attackers were able to sign in as a user despite protective mechanisms such as multi-factor authentication,” company officials said in an advisory posted.
“Inside, the attackers used advanced methods to elevate their access and eventually gain access to directory services."
January 1, 2000: Accidental Remote Control
WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.