The notorious Knight ransomware group has asserted responsibility for a cyberattack on BMW Munique Motors, the authorized BMW dealership for the State of Rondônia. This cyberattack claim was posted on the dark web channel frequently used by the Knight ransomware group. 
Adding to the gravity of the situation, the threat actors left a message for visitors, stating, “At the end of the countdown, the download links will be displayed here.” 
This post was made public on October 15 and contained a “Disclosed Links” section where the threat actor aims to release the download links for the stolen files. 
Cyberattack on BMW Munique Motors: The Clarification
Source: Twitter
However, it’s important to note that the Knight ransomware group clarified that their target was the official BMW dealership in the State of Rondônia and not the parent company itself. 
Upon receiving news of the cyberattack on BMW Munique Motors, The Cyber Express promptly sought an official confirmation from the organization.
However, at the time of writing this, no official statement or response has been received, leaving the claims surrounding this cyberattack on BMW Munique Motors stand unverified.
Interestingly, despite the severity of the claims, the website for BMW Munique Motors remains operational and shows no overt signs of an attack.
This suggests that the threat actors may have targeted the organization’s backend database, highlighting the sophisticated nature of the cyberattack.
Cyberattack on BMW Munique Motors and Previous Incidents
This cyberattack on BMW Munique Motors follows an earlier attack on BMW France by the Play Ransomware group, which claimed responsibility. The group issued an ultimatum, threatening to release stolen data on the dark web if their ransom demand was not met by April 9, 2023. The compromised data reportedly included clients’ documents, contracts, and financial information.
In 2022, BMW France again fell prey to a major cybersecurity breach when its social media accounts were hacked, resulting in damage to the esteemed German automaker’s reputation. The Knight ransomware group emerged in August 2023, evolving from the infamous Cyclops ransomware. This threat operator offers payloads in both normal and ‘lite’ versions, signifying a new level of sophistication in cybercriminal tactics.
Operating as a multi-extortion group, Knight ransomware adopts a TOR-based blog to list victim names alongside any exfiltrated data, applying aggressive coercion techniques to secure payment and prevent public data leaks. This group has actively advertised and sold its services on the RAMP forum.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.