Gentex confirms data breach by Dunghill ransomware actors
The Dunghill ransomware gang last month claimed responsibility for an attack against Gentex Corporation, which confirmed this week that it suffered a breach several months ago.
Gentex Corporation confirmed it suffered a data breach following an attack by the Dunghill ransomware gang, though it appears the incident was not previously disclosed.
TechTarget Editorial received an email Tuesday purportedly from a Dunghill operator claiming the group breached the Michigan-based technology and manufacturing company. The email contained a link to a Tor site that allegedly contained 5 TB of sensitive corporate data, including emails, client documents and the personal data of 10,000 Gentex employees such as Social Security numbers.
While TechTarget did not view or download the data and therefore could not confirm its veracity, we contacted Gentex for comment regarding the data leak, and the company confirmed the breach.
"Gentex is aware of the data breach that occurred several months ago, and we have communicated to all affected parties. It's important to note that the breach has not had an impact on our operations," said Craig Piersma, vice president of marketing and corporate communications at Gentex, in an email.
It's unclear when the breach occurred; Gentex had not responded to follow-up questions as of press time. However, it does not appear the breach was ever publicly disclosed, despite it occurring several months ago.
Referring to themselves as "a group of computer specialists," the threat actor said they were part of the Dunghill ransomware gang, a relatively new threat group, and told TechTarget that it made the stolen data publicly available on the dark web. Two cybersecurity vendors highlighted Dunghill activity on Twitter last month that supported the claims.
On April 10, Zscaler revealed the Dark Angels ransomware group had launched a new data leak site and rebranded as Dunghill. Then on April 18, threat intelligence vendor FalconFeeds discovered Gentex had been added to Dunghill's public leak site, which is used to pressure victims into paying ransom.
Though Dunghill did not tell TechTarget how it compromised Gentex or whether the attack included any encryption of the company's systems, it did share an array of potentially stolen data, from financial reports and nondisclosure agreements to client contracts and human resources information. The list also included IT infrastructure, access to databases, projects and business agreements. As a technology manufacturer for the automotive and aerospace industries, Gentex produces a variety of electronics, camera systems and sensor products.
"Gentex has ignored fact of the data leak. Some defence part of data leaked too," a Dunghill representative wrote in the email.
In addition, Dunghill claimed it has shared the stolen data with manufacturers from China, India and the U.S. "because Gentex refused to cooperate." It did not address whether those manufacturers were Gentex competitors, partners or both.
Ransomware groups have recently escalated their extortion tactics. Operators are increasingly contacting competitors, members of the media and even family members of victims to pressure organizations into paying. On top of that, gangs are also leaking highly sensitive photo and video footage exfiltrated during attacks.
Arielle Waldman is a Boston-based reporter covering enterprise security news.