Ransomware group 8Base has claimed responsibility for an attack on Volkswagen Group in which it claims to have stolen sensitive data.
Data stolen in the attack allegedly includes invoices, receipts, accounting documents, personal employee files, employment contracts, certificates, personnel records, and numerous confidentiality agreements.
According to 8Base, the attack took place in September 2024, meaning the group has been sitting on a batch of data for more than a year.
Volkswagen has confirmed that a security “incident” occurred, but has so far been tight-lipped on the scope of the incident and whether data has been stolen.
In a statement given to Cybersecurity News, the car manufacturer said there has been no impact on its IT systems, possibly indicating the compromise occurred through a third-party supplier or subsidiary.
Who’s behind the Volkswagen attack?
8Base is a relative newcomer to the threat landscape, having burst onto the scene in 2023. The group is believed to be an offshoot of the Phobos ransomware group, and has reportedly targeted more than 1,000 organizations since forming, netting a total of $16 million in ransom payments.
Often gaining initial access via phishing campaigns or buying credentials on the dark web, the group relies mainly on a strategy of double extortion, encrypting victims' data and threatening to publish stolen information unless a ransom is paid.
Earlier this year, four Russian nationals were arrested in Thailand for alleged involvement in the group, following a joint police operation by 14 countries. The law enforcement sting saw 27 servers linked to the group seized and taken offline.
If confirmed, the Volkswagen attack may represent a change in strategy for the group. Threat intelligence from Europol shows 8Base has tended to focus mainly on small to medium-sized businesses, which often lack the cybersecurity defences to protect themselves.
Previous victims are believed to include a children’s hospital, health care providers, and educational institutions.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Ransomware victims are refusing to play ball with hackers
- The number of ransomware groups rockets as new players emerge
- The top ransomware trends for businesses in 2025
-
Pure Storage’s expanded partner ecosystem helps fuel Q3 growthNews The data storage vendor has announced a 16% year-over-year revenue hike in its latest earnings report, driven by continued channel and product investment
-
Partners have been ‘critical from day one’ at AWS, and the company’s agentic AI drive means they’re more important than everNews The hyperscaler is leaning on its extensive ties with channel partners and systems integrators to drive AI adoption
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
