Ransomware group 8Base has claimed responsibility for a cyberattack against Volkswagen Group, alleging theft of internal company data including invoices, contracts, and personnel records. The group posted the claim to its leak site, asserting it holds documents from the automaker and its subsidiaries.
Volkswagen confirmed that a security incident
occurred but stated that its internal IT infrastructure remains unaffected. According to statements shared with Cybersecurity News, the company’s investigation suggests that the intrusion may have occurred through a third-party supplier.
The 8Base group, which surfaced in 2023 and is thought to be linked to the Phobos ransomware family, has targeted over 1,000 organizations and extorted an estimated $16 million to date. It typically employs double extortion tactics—encrypting systems while threatening to publish stolen data unless a ransom is paid.
Law enforcement agencies in Thailand and Europe arrested four suspected 8Base members earlier this year as part of a coordinated multinational operation that seized 27 associated servers. Despite these disruptions, the group appears to have resumed activity, now claiming attacks on larger corporate entities.
Threat intelligence reports from Europol indicate that 8Base previously focused on small to medium-sized businesses, particularly in healthcare and education sectors. The Volkswagen case could mark a strategic escalation into higher-profile targets within Europe’s industrial sector.
Volkswagen has not confirmed any ransom demands or data leak publication timelines as of this report.