
A new ransomware group calling itself D1R has announced that it breached the networks of Synopsys and Bosch, claiming to have stolen 40 000 client records from Synopsys and valuable engineering data from Bosch, according to a report on databreaches.net.
According to the group’s statement, the intrusion was made possible by exploiting a vulnerability in Synopsys’ public‑facing website that allowed access to a backend database.
D1R also said it obtained proprietary information from Bosch related to the company’s technology operations and threatened to release the data unless a ransom is paid.
Synopsys has responded that its security teams found no evidence of unauthorized access and that continuous monitoring shows no sign of a breach, a position reiterated in a statement carried by SecurityWeek.
Bosch has not confirmed the claim and a file presented by D1R as proof appears to consist of publicly available information, leading researchers to suspect the allegations may be exaggerated.
Organisations should review web‑application logs for unusual requests, ensure that any disclosed vulnerabilities are patched promptly and consider engaging a third‑party to test the exposed assets.
Maintaining offline backups, segmenting internal networks and monitoring dark‑web marketplaces for mentions of the stolen data can help limit the impact if a genuine breach occurs.