
- An external IT partner for Scania lost its login credentials to an infostealer
- Hackers used the passwords to reach Scania and steal files
- They asked the company for money, and later offered the collection for sale
Swedish automotive manufacturer Scania has confirmed suffering a cyberattack that saw it lose sensitive customer data.
Security researchers Hackmanac found a new thread on a dark web forum, in which a database allegedly stolen from ‘insurance.scania.com’ was being offered for sale to an exclusive buyer for an undisclosed amount.
“Hi.” Some photo is associated with comment (for anyone any copy and scam). “
Supply chain attack
After the thread was posted, Scania confirmed the authenticity of the claims, stating that it was breached as part of a supply chain attack in late May 2025 that originated at an external IT partner.
“We can confirm that the application is ‘insurance.scania.com’ in the application,” a spokesman from Scania said. “The application is provided by an external IT partner.”
“On the 28th and 29th of May, a criminal used credentials for a legitimate external user to get access to the system used for insurance purposes; our current belief is that the credentials used by the offender were leaked by a password stealer malware.”
“Documents related to insurance claims were downloaded, using the compromised account.”
While the company did not say what information was contained in the stolen files, it is safe to assume that it is sensitive, possibly financial or medical. The number of affected persons is also unknown for now.
After stealing the archives, the threat actor tried to extort Scania for money, reaching out on several occasions and demanding a ransom. Since the database was then offered for sale on the dark web, we can assume that the company rejected the offer.
Via BleepingComputer

