On aurora’s ransomware operation against Sumitomo Electric Bordnetze (DE), the group exfiltrated 1.1 terabytes of data from manufacturing sites, including HR/payroll and engineering/quality documentation across multiple regions. The dataset included sensitive banking material such as Citibank corporate authentication systems and related operational records, impacting Germany, Moldova, Ukraine, Tunisia, and Slovakia #Germany #Moldova #Ukraine #Tunisia #Slovakia
Incident Details
- Victim: Sumitomo Electric Bordnetze
- Sector: Manufacturing
- Country: DE
- Actor: aurora
- Source: http://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/sumitomo-electric-bordnetze-1b202d14
- Discovered: 2026-06-16T13:20:48.292864+00:00
- Published: 2026-06-16T00:00:00+00:00
Information
- SEBN is a Wolfsburg-headquartered subsidiary of Sumitomo Electric Industries, employing about 40,000 people across 14 countries.
- About 1.1 TB of data was exfiltrated from five manufacturing sites.
- The Moldova site included HR, payroll, personal tax records, competition-council litigation files, and home directories.
- The Ukraine site included HR and salary data, Audi B9 project data, process documentation, and records related to displaced workers for Ukrainian IDPs.
- The Tunisia Fejja site included passport copies, email archives, quality and FMEA data, and finance information.
- The Slovakia site contained Citibank corporate banking infrastructure, including the TESTKEY authentication system, IBAN registries, daily bank statements, SAP salary-payment files, and years of department email archives.
- The dataset includes 173,000 Excel files, 149,000 PDFs, 2,500 CAD engineering drawings, 2,500 Outlook messages, 1,500 FMEA/PPAP quality files, and 9 Outlook PST archives.
Disclaimer: This post is based on public claims made by the ransomware group "aurora". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.