Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: manufacturing (5 articles)Clear

Bajaj Auto confirms ransomware attack on its and subsidiary's systems

Bajaj Auto, one of India's largest makers of motorcycles and three-wheelers, has disclosed a ransomware attack that hit its systems and those of its wholly owned subsidiary Bajaj Auto Technology Limited on the morning of June 23. In a regulatory filing, the company said its technical team and outside experts responded quickly and that containment measures have so far been effective. Bajaj Auto has not disclosed the ransomware strain, whether data was stolen, or whether production was affected, and reported the incident to India's CERT-In. Its shares fell more than 2 percent, and the attack follows a separate breach at Tata Electronics.

Check
Manufacturers should review the resilience of production and IT systems against ransomware, confirm offline backups are tested, and watch for follow-on extortion or leaks tied to this and related Indian manufacturing attacks.
Affected
Bajaj Auto and its subsidiary Bajaj Auto Technology Limited; the strain, data impact, and operational effects are not yet disclosed, part of a wider wave of ransomware hitting Indian manufacturers.
Fix
Maintain tested offline backups, segment IT from production networks, enforce phishing-resistant MFA and least privilege, and prepare incident-response and regulatory-notification plans before an attack, not during one.

Tata Electronics confirms breach as extortion gang leaks Apple and Tesla files

Tata Electronics, the Indian manufacturer that assembles roughly a third of Apple's iPhones in India, has confirmed a cyberattack affecting part of its IT systems after the extortion group World Leaks began leaking stolen data. The group claims to have taken around 200,000 files, including confidential Apple and Tesla manufacturing and component design documents, internal emails, years of event logs, and copies of employee passports, some belonging to foreign nationals. Researchers say the data has been on the dark web since at least June 10, and a ransom was demanded. World Leaks, a rebrand of the Hunters International group, also claimed breaches at Nike and Dell.

Check
Manufacturers and their partners should review how design documents, supplier data, and employee identity records are segmented and monitored, and watch for phishing or fraud using leaked passport and email data.
Affected
Tata Electronics, its employees whose passports and emails were exposed, and partners like Apple and Tesla whose confidential design and manufacturing documents were reportedly included in the roughly 200,000 leaked files.
Fix
Segment and tightly control access to sensitive design and HR data, monitor for large data exfiltration, enforce phishing-resistant MFA, and prepare partners for downstream phishing and fraud using the leaked information.

West Pharmaceutical Services hit by ransomware - $3B injectable-packaging supplier disclosed data theft and encryption in SEC 8-K, global shipping and manufacturing disrupted

West Pharmaceutical Services - the Pennsylvania-based S&P 500 maker of injectable pharmaceutical packaging and drug delivery components, with annual revenues over $3 billion and 10,800 employees - filed an SEC 8-K disclosing a 'material cybersecurity attack.' The company detected the intrusion on May 4, 2026, and confirmed on May 7 that attackers had exfiltrated data and encrypted certain systems. West took infrastructure offline globally for containment, engaged Palo Alto Networks' Unit 42 for forensics, and partially restored core enterprise, shipping, and manufacturing systems by May 13. No ransomware group has publicly claimed the attack, and West says it has 'taken steps intended to mitigate the risk of dissemination of the exfiltrated data.'

Check
Check whether your organization is a downstream customer of West Pharmaceutical Services (injectable vials, syringes, stoppers, drug delivery components), audit purchase orders and delivery delays from May 4 onward, and review supplier-risk assessments.
Affected
Customers and supply-chain partners of West Pharmaceutical Services - primarily biopharma manufacturers and contract drug fillers that depend on West for injectable packaging and delivery systems. Scope of stolen data not yet disclosed.
Fix
Engage West directly for an authoritative status update on your specific product lines, activate alternate-supplier contingencies for time-critical injectables, and treat any new emails referencing West order numbers as untrusted until verified through known account contacts.

Foxconn confirms cyberattack on North American factories - Nitrogen ransomware crew claims 8 TB stolen including Apple, Intel, Google, Dell, and Nvidia project files

Foxconn confirmed Tuesday that a cyberattack hit several North American factories, with its Wisconsin Mount Pleasant facility halting production for a week starting May 1. Workers were told to power off computers and revert to paper timesheets. Nitrogen ransomware group claimed responsibility, posting 8 TB of stolen data covering 11 million files - allegedly including project documentation tied to Apple, Intel, Google, Dell, AMD, and Nvidia. Foxconn says production is resuming. This is the fourth ransomware attack on a Foxconn entity since 2020.

Check
If your organization is a Foxconn customer sharing technical documentation, audit which projects had files staged at the Mount Pleasant facility between January and May.
Affected
Foxconn customers with data at the Wisconsin facility - Apple, Intel, Google, Dell, AMD, Nvidia, Cisco, Microsoft. Acute: organizations whose chip architecture or data center topology documents were shared for server or AI infrastructure production.
Fix
Contact Foxconn directly to confirm what was exfiltrated. Treat any technical documentation shared with Mount Pleasant since 2024 as potentially exposed. Rotate credentials, API keys, or signing certificates Foxconn held.

Two pro-Ukraine hacker groups appear to be teaming up to attack Russian companies - sharing servers and tools across phishing and espionage operations

Update on the Head Mare campaign we covered April 28: Kaspersky now reports that BO Team (also known as Black Owl) and Head Mare appear to be coordinating cyber operations against Russian organizations, sharing command-and-control infrastructure on the same compromised hosts. The likely division of labor: Head Mare phishes for initial access, then BO Team takes over for malware deployment. BO Team has shifted from destructive attacks to covert espionage, and in Q1 2026 hit 20 Russian organizations across manufacturing, telecoms, and oil and gas. The group uses BrockenDoor and Remcos backdoors. Earlier BO Team campaigns hit a Russian drone supplier and the federal digital signature authority.

Check
If your organization operates in Russia or has Russian subsidiaries, search proxy logs for BrockenDoor or Remcos C2 infrastructure since January. Hunt phishing emails referencing manufacturing, telecom, or oil and gas subjects with malicious documents.
Affected
Russian organizations across manufacturing, telecoms, and oil and gas - BO Team's Q1 2026 target list. By extension, Russian subsidiaries of Western multinationals operating in these sectors. The pattern of pro-Ukraine hacktivists coordinating with state-aligned operations means defenders cannot treat hacktivist incidents as opportunistic - they may be one stage of a longer espionage operation.
Fix
Block known BrockenDoor and Remcos C2 indicators per Kaspersky's published IoCs. Monitor for the phishing→malware deployment handoff pattern: phishing email landing followed within days by C2 traffic from a different actor. For organizations not in Russia: this is a template for how hacktivist groups in other regional conflicts may coordinate; expect the same pattern in Middle East and APAC tensions.