In the bulletin disseminated this week to a select group of private companies, the FBI warned of efforts by hackers to successfully compromise auto industry computer systems using sophisticated techniques and by taking advantage of network vulnerabilities.
The cyber attacks “have resulted in ransomware infections, data breaches leading to the exfiltration of personally identifiable information, and unauthorized access to enterprise networks,” the FBI said.
“The automotive industry likely will face a wide range of cyber threats and malicious activity in the near future as the vast amount of data collected by Internet-connected vehicles and autonomous vehicles become a highly valued target for nation-state and financially motivated actors,” the FBI added.
The FBI did not identify which specific cyber actors have targeted the US automotive industry, or whether any are state-supported.
In other instances, hackers resorted to “phishing” attacks, which included sending emails to unsuspecting victims containing malicious attachments. Once the attachments were opened by employees, embedded computer code allowed hackers to access and move throughout computer networks and exfiltrate sensitive data.
Unidentified cyber actors were able to obtain access to employee email accounts at multiple companies in the automotive industry, the FBI said. Once inside networks, hackers created mailbox rules to automatically forward sensitive company messages to external email addresses not associated with the targeted companies. In addition to the theft of sensitive information, intruders were able to conduct fraudulent wire transfers.
An FBI spokesperson would not comment on details in the report, but noted that “in furtherance of public-private partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations.”