The Qilin ransomware group has claimed responsibility for a cyberattack on Yanfeng Automotive Interiors (Yanfeng), a leading global automotive parts supplier with over 57,000 employees across 240 locations.
Yanfeng, specializing in interior components, holds a pivotal role in the supply chain of automotive giants like General Motors, Volkswagen Group, Ford, Stellantis, BMW, Daimler AG, Toyota, Honda, Nissan, and SAIC Motor.
This attack not only impacted Yanfeng but also directly affected Stellantis, compelling the car company to halt production at its North American plants.
Despite inquiries, Yanfeng remained unresponsive regarding the incident, with its website inaccessible until recently, returning without any statements addressing the outage.
Stellantis acknowledged the disruption, attributing it to an “issue” at an external supplier, clarifying that production at the affected plants had resumed by November 16.
The Qilin ransomware group, previously known as “Agenda,” claimed responsibility for the attack on Yanfeng, showcasing evidence of their access to the company’s systems and files on their Tor data leak extortion site. The leaked samples included financial documents, non-disclosure agreements, quotation files, technical data sheets, and internal reports.
Qilin threatened to release all obtained data in the coming days without specifying a deadline. The group, known for its RaaS (ransomware as a service) platform, rebranded in 2023 and conducts targeted attacks across various sectors, customizing their methods to maximize impact.
In a notable turn, Group-IB infiltrated Qilin’s operations earlier in 2023, publishing a report detailing the gang’s operations, recruitment processes, admin panel features, and target selection, shedding light on their modus operandi.
