Synopsys says it has found no evidence of unauthorized access after a hacking group claimed to have exploited a website vulnerability to obtain a corporate client database and downstream data belonging to Bosch.
A ransomware group calling itself D1R has claimed to have breached Synopsys, a U.S. company that supplies electronic design automation software and semiconductor blueprints, and used that access to obtain data allegedly linked to Bosch, the German engineering and technology company that relies on Synopsys tools for designing vehicle and industrial components. Synopsys says its investigation has turned up no evidence supporting the claims.
D1R posted listings for both Synopsys and Bosch on its dark web leak site, giving Bosch 11 days to make contact before the group says it will publish the allegedly stolen data. The group claims it exploited a logic flaw in a Synopsys registration form to pull an entire corporate client database containing 40,000 entries without needing internal access.
Separately, D1R claims it used data obtained from Synopsys to access material belonging to Bosch, alleging it obtained intellectual property tied to the company’s hardware development. Among the files the group has published is a directory listing that includes numerous files with a .vhd extension, along with other project files. Such files can contain VHDL source code, a format used to design hardware through code, meaning the material could expose details of proprietary Bosch hardware if the claims are verified.
One image the group posted as evidence shows the opening page of a manual for the Controller Area Network protocol, a communications standard that Bosch originally developed in 1983 and that is used across cars, trains, aircraft and other embedded systems to let electronic components communicate with each other. Synopsys said that document appears to match material already publicly available, and the company said it has not been contacted by the threat actor.
Synopsys said protecting data and systems is a top priority and that it continues to monitor its network. The company said it found no evidence that Synopsys or customer technical data had been subject to unauthorized access and called the claims of unauthorized access to confidential customer data unfounded.
Bosch declined to answer specific questions about the alleged incident, instead providing a general statement saying it places great importance on cybersecurity and, as a globally networked industrial company, continuously strengthens protection of its digital systems and expands its capacity to respond quickly and in a coordinated way to potential cyber incidents. The statement said the goal is to protect critical systems based on risk and limit the impact of potential attacks, and that this approach supports the company’s reliability, operational capability and resilience.
The scope of the alleged breach remains unconfirmed. D1R is a newly identified name in the ransomware landscape, and the Synopsys and Bosch listings are among only three victims currently posted on its leak site.
This is not the first time Bosch has appeared connected to a data-related incident. Last year, cybercriminals claimed on Telegram to have obtained sensitive data covering roughly 800 customer networks, with Bosch among those affected. That data reportedly originated from a breach at Red Hat, a U.S. software company, and the confirmed breach affected GitLab repositories, exposing configuration files and internal tools. In 2021, a threat actor reportedly listed source code taken from Bosch’s 5G IoT connectivity platform on an illicit marketplace.
