Threat actor 8Base claims to have stolen a significant cache of sensitive files from the German automaker Volkswagen and threatened to publish it. Volkswagen appears unfazed despite the threats of the data being exposed, asserting that its internal IT system remains unaffected.
The 8Base group, which emerged on the ransomware scene in late 2022-early 2023, started on the dark web platform, claiming it had obtained “a huge amount of confidential information” from Volkswagen and other firms.
According to their declaration, the stolen data includes a range of documents such as invoices, receipts, accounting records, personal data, employment contracts and certificates, confidentiality agreements, and reports The Register.
The ransomware group initially set a release date for the data on September 26, yet no information has been made public, raising speculation that the threat could be a bluff.
Volkswagen, however, remains calm. The company’s spokesperson confirmed its awareness of the situation, stating, “The incident is known. The Volkswagen group’s IT infrastructure is not affected. We continue to monitor the situation closely.”
They added that this was not a new or unexpected development for the company.
This isn’t Volkswagen’s first brush with data breaches. In 2021, a separate cyberattack exposed personal data belonging to three million customers. The attack targeted a third-party supplier, raising concerns about Volkswagen’s supply chain vulnerabilities.
Additionally, Chinese threat actors have reportedly targeted the company with prolonged cyber-espionage campaigns, further complicating its cybersecurity landscape.
However, this latest incident involving the 8Base group brings a new dimension of concern. The relatively new ransomware group is known for leveraging the Phobos ransomware, a strain that has previously inflicted significant damage on government entities and critical infrastructure firms. Despite its notorious past, 8Base has been relatively quiet recently, leading to speculation about its current activities.
Volkswagen’s response — or lack thereof — has sparked further intrigue. The automaker has not confirmed whether it received any ransom demands from the group or disclosed the exact nature of the stolen data. The company is taking a wait-and-watch approach, closely monitoring the situation while emphasising that its core IT systems remain secure.
In the News: Fake LockBit ransomware exploits AWS targeting Windows and macOS