LockBit Ransomware Strikes QUFU TEMB Auto Parts in China

Incident Date:

June 23, 2024

Overview

Victim

QUFU TEMB AUTO PARTS MANUFACTURING CO., LTD

Attacker

LockBit

Location

Qufu, China

First Reported

June 23, 2024

Analysis of the LockBit Ransomware Attack on QUFU TEMB Auto Parts Manufacturing Co., Ltd

Company Profile

QUFU TEMB Auto Parts Manufacturing Co., Ltd, a medium-sized enterprise based in Qufu, Shandong, China, specializes in the production of various automotive parts. Established in 1971, the company has carved a niche in the automotive industry by focusing on high-quality components such as thermostats and temperature sensors. QUFU TEMB stands out for its in-house development, design, and manufacturing capabilities, and it serves over 90 car makers globally, including major brands like SAIC.

Ransomware Attack Overview

The LockBit3 ransomware group has recently targeted QUFU TEMB Auto Parts Manufacturing Co., Ltd, compromising its operational integrity by stealing 326 gigabytes of sensitive data. This data includes confidential documentation, NDAs with major companies, financial records, and personal information. The attack has disrupted the company's online presence, directly impacting its website, qftemb.com.

Profile of the LockBit3 Ransomware Group

LockBit3, known for its sophisticated cyber-attacks, employs advanced tactics such as spear-phishing and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. The group specializes in double extortion schemes, in which it not only encrypts the victim's data but also threatens to release it publicly if its ransom demands are not met. Its previous targets span diverse sectors, including healthcare and government entities.

Potential Vulnerabilities and Entry Points

The entry point used in this attack could have been unpatched software or an overlooked security flaw within QUFU TEMB’s network. Given the detailed nature of the stolen data, it is likely that the attackers had access to the network for an extended period, allowing them to navigate it and extract substantial amounts of confidential information.
