- An external IT partner for Scania lost its login credentials to an infostealer
- Hackers used the password to access Scania and steal files
- They tried to extort the company and then offered the files for sale
The Swedish car manufacturer Scania has confirmed that it suffered a cyberattack in which it lost confidential customer data.
Hackmanac security researchers found a new thread on a dark web forum in which a supposedly stolen database from ‘insurance.scania.com’ was offered for sale to a single exclusive buyer for an unknown sum of money.
“Hello guys. We made a new goal and sold a complete attachment of ‘Insurance.scania.com’. The full attachments are 34,000 and the first time pirated + will only sell 1 hand,” says the announcement, published in both English and Russian. “Few attached photos with comments (for anyone, cannot copy and cheat people).”
Supply chain attack
After the thread was published, Scania confirmed the authenticity of the claims, saying that it was breached at the end of May 2025 in a supply chain attack that originated at an external IT partner.
“We can confirm that there has been a security-related incident in the application ‘insurance.scania.com’, which is provided by an external IT partner,” said a Scania spokesman.
“On May 28 and 29, a perpetrator used credentials for a legitimate external user to obtain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”
“Using the compromised account, documents related to insurance claims were downloaded.”
Although the company did not detail what information was found in the stolen files, it is safe to assume that it is sensitive, possibly financial or medical. The number of affected individuals is also unknown for now.
After stealing the files, the threat actor tried to extort Scania for money, reaching out on multiple occasions and demanding a ransom. Since the actor ended up offering the database for sale on the dark web, we can assume that the company rejected the generous offer.
Via BleepingComputer