- An external IT partner to Scania lost its login -legitimation information through an infoTealer
- The hackers used the password to access Scania and steal files
- They asked the company for money and later offered the archive for sale
Swedish car manufacturer Scania has confirmed the suffering of a cyber attack that saw the losing sensitive customer data.
Security researchers Hackmanac found a new thread on a dark web forum where a database allegedly stolen from ‘insurance.scania.com’ was offered for sale to an exclusive buyer for an unknown sum of money.
“Hello guys. We hacked new goal and sold full connection of ‘insurance.scania.com’. Fully attached files are 34,000, and the first time hacked + just want 1 hand sells,” reads the advertisement, which is published in both English and Russian. “Get photo attached to comments (for no one can’t copy and scam people).”
Supply chain attack
After the thread was sent, Scania confirmed the authenticity of the requirements and said it was broken in late May 2025 as part of a supply chain attack derived from an external IT partner.
“We can confirm that there has been a security -related incident in the” Insurance.scania.com “application, the application is provided by an external IT partner,” a spokesman for Scania said.
“On May 28 and 29, a perpetrator used credentials for a legitimate external user to access a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password -tealer malware.”
“Using the compromised account, documents were related to insurance requirements downloaded.”
Although the company does not detail what information was found in the stolen files, it is safe to assume that it is sensitive, possibly financial or medical. The number of persons affected is also unknown to now.
After stolening the archives, the threat actor tried to extort Scania for money, reach out on several occasions and demand a ransom. When it ended up offering the database for sale on the dark web, we can assume that the company rejected the generous offer.
Via Bleeping computer
