INCIDENT: Unidentified Automotive Supplier Breached Three Times within Two Months

An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company's systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol (RDP) connection. After the initial compromise, LockBit, Hive, and ALPHV/BlackCat affiliates also gained access to the victim's network on April 20, May 1, and May 15, respectively.

While dual ransomware attacks are increasingly common, "this is the first incident we've seen where three separate ransomware actors used the same point of entry to attack a single organization," Sophos X-Ops incident responders said according to a report in Bleeping Computer.

Incident Date

April 20, 2022


Estimated Cost



Type of Malware:

No Malware identified


  • Automotive supplier breached by 3 ransomware gangs in 2 weeks




Pin It on Pinterest

Scroll to Top
Scroll to Top