Pierluigi Paganini September 24, 2023

The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles.

The Alphv ransomware group added Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, to the list of victims on its Tor leak site.

Clarion Japan is the Japanese subsidiary of Clarion Co., Ltd., a global manufacturer of audio and video equipment for cars and other vehicles. The company develops, manufactures, and sells a wide range of products, including car navigation systems, audio systems, video systems, and rearview cameras. Clarion Japan also provides a variety of services, such as car maintenance and repair, and software updates.

Clarion’s car navigation systems are used by many car makers in Japan, the products of the company are used by millions of Japanese motorists.

The company has more than 10,000 employees, it also provides its components to other automakers, including Suzuki, Toyota, Subaru, Ford, Volkswagen, Proton, and Peugeot.

On September 23, the group announced the hack of the company and the theft of sensitive data, including partners’ documents.

“Clarion was hacked and leaked confidential data about their business and their partners. This included leaking the engineering information of the company’s customers. In 2 days, the data will be transferred to interested parties and partially posted in the public domain. Clarion is a company that will never protect your data, trusting it with any developments you risk losing your data and reputation.” reads the message published by the Alphvm on the leak site.

The group also claims to have stolen customers’ data and threatens to sell the data to “interested parties” by September 25, 2023. If the data breach is confirmed, this attack could have a significant impact also on other players in the automotive industry.

The group published some screenshots of the stolen documents as proof of the hack.

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, the Swissport, NCR, and Western Digital.

The ransom demands of the group range from a few tens of thousands of dollars up to tens of millions of dollars.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Alphv)