Qilin ransomware claims attack on automotive giant Yanfeng



The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors (Yanfeng), one of the world's largest automotive parts suppliers.

Yanfeng is a Chinese automotive parts developer and manufacturer focused on interior components and employs over 57,000 people in 240 locations worldwide.

It sells interior components to General Motors, the Volkswagen Group, Ford, Stellantis (Fiat, Chrysler, Jeep, Dodge), BMW, Daimler AG, Toyota, Honda, Nissan, and SAIC Motor. The company constitutes a crucial part of the supply chain for these automakers.

Earlier this month, it was reported that Yanfeng was impacted by a cyberattack that directly affected Stellantis, forcing the car company to stop production at its North American plants.

The Chinese company remained unresponsive to inquiries for comments regarding the situation. However, its main website was inaccessible until yesterday, when it returned online without any statements regarding the outage.

Stellantis told BleepingComputer they suffered a disruption due to an "issue" at an external supplier.

"Due to an issue with an external supplier, production at some of Stellantis' North America assembly plants was disrupted the week of November 13," Stellantis shared in a statement.

"Full production at all impacted plants had resumed by November 16."

Qilin claims the attack

The Qilin ransomware group, also known as "Agenda," claimed the attack on Yanfeng by adding them to their Tor data leak extortion site yesterday.

The threat actors published multiple samples to prove their alleged access to Yanfeng systems and files, including financial documents, non-disclosure agreements, quotation files, technical data sheets, and internal reports.

Yanfeng listed on Qilin's extortion portal (BleepingComputer)

Qilin has threatened to release all data in their possession in the coming days, but no specific deadline was set.

The Qilin ransomware gang launched its RaaS (ransomware as a service) platform at the end of August 2022 under the name 'Agenda.'

In 2023, the threat actors rebranded their ransomware under the name 'Qilin,' which they operate under today.

A Qilin ransom note
Source: BleepingComputer

The threat actors target companies in all sectors, and many attacks feature customization in the process termination and file extension changes to maximize impact.

Group-IB managed to access Qilin's operations and published a report in May 2023 to share the intelligence it collected, including details about the gang's recruiting, admin console features, and target exclusions.