Ransomware Attack on Hanon Systems by Hunters International

Hanon Systems, a global leader in thermal and energy management solutions for the automotive industry, has been targeted by the ransomware group Hunters International. This attack marks the third ransomware incident for Hanon Systems in recent years, highlighting ongoing cybersecurity vulnerabilities within the company.

Company Overview

Hanon Systems, established in 1986, specializes in designing and manufacturing advanced heating, ventilation, and air conditioning (HVAC) systems, compressors, and air quality solutions for both electric and internal combustion engine vehicles. The company employs approximately 20,000 people globally and reported revenues of around $3.5 billion in 2023. Hanon Systems is recognized for its innovative products, such as the world's first fourth-generation heat pump system for electric vehicles, and its commitment to sustainability.

Attack Overview

The ransomware attack by Hunters International resulted in the exposure of 2.3 terabytes of sensitive data on the dark web on August 16. The compromised data includes resumes from job applicants, contact details and addresses of employees and their families, employee ID photos, and critical information about Hanon Systems' global equity structure. The breach was discovered on August 11 and promptly reported to the Korea Internet & Security Agency (KISA). By August 12, Hanon Systems had notified employees in the Asan region and posted an internal announcement.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International focuses on exfiltrating data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Impact

Hunters International's ransomware code contains approximately 60% overlap with Hive ransomware, indicating a shared technical lineage. The group likely penetrated Hanon Systems' defenses through sophisticated encryption methods and tactics inherited from Hive. The impact of this breach is substantial, affecting both the individuals whose data has been compromised and Hanon Systems' business operations. With major clients like Hyundai Motor Company and Ford, and an ongoing acquisition by Hankook & Company Group, this cybersecurity incident could have serious implications for the company's future.

Sources

• Hanon Systems
• SOCRadar - Dark Web Profile: Hunters International
• Global Security Mag - Hive Ransomware's Offspring: Hunters International Takes the Stage