hiveleak attacks Shanghai Huizhong Automotive Manufacturing Co., Ltd.

Incident Date:

February 25, 2022

World map



hiveleak attacks Shanghai Huizhong Automotive Manufacturing Co., Ltd.


Shanghai Huizhong Automotive Manufacturing Co., Ltd.




Pudong, China

Shanghai, China

First Reported

February 25, 2022

Shanghai Huizhong Automotive Manufacturing Co., Ltd. Ransomware Attack

Company Overview

Shanghai Huizhong Automotive Manufacturing Co., Ltd. (SHAC), a prominent entity listed on the Shanghai stock exchange, stands as a leading manufacturer of port machinery globally. The company boasts a substantial operational scale, with a fleet of over 20 transportation vessels. Operating within the manufacturing sector, SHAC's significant footprint makes it a prime target for ransomware attacks, which aim to inflict financial losses and disrupt operations.

Vulnerabilities and Targeting

The attack on SHAC by the ransomware group HiveLeak, although not detailed in terms of specific vulnerabilities, highlights a critical concern within the cybersecurity domain. HiveLeak, known for its Ransomware-as-a-Service (RaaS) model, facilitates even novice cybercriminals in executing ransomware attacks. This incident suggests a possible exploitation of SHAC's system vulnerabilities, likely through phishing or social engineering tactics, underscoring the need for heightened security measures in the manufacturing sector.

Industry Standout

As a significant player in the port machinery manufacturing sector, SHAC's extensive operations, evidenced by its fleet of over 20 transportation vessels, render it an attractive target for ransomware groups. These adversaries are motivated by the prospect of substantial financial gains from large-scale operations vulnerable to disruption.

Mitigation Strategies

Although specific mitigation strategies were not discussed, it is imperative for corporations, especially those within the manufacturing sector, to adopt comprehensive cybersecurity measures. Key strategies include conducting regular software updates, providing employee training on cybersecurity awareness, and implementing multi-factor authentication to safeguard against ransomware threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.