Pro-Russian ransomware group claims to have stolen internal login credentials from VW; the company denies the allegations
The pro-Russian hacker group StormouS/V4 claims to have breached the Volkswagen Group’s systems and stolen sensitive data in the process. According to “Ransomware Live,” the alleged attack was published on the group’s leak platform on May 31, 2025, along with screenshots purportedly showing web server communications and internal authentication information.
Specifically, the stolen data is believed to include user accounts, email addresses, authentication tokens (e.g., OAuth, JWT), login links, session cookies, and access control information for systems such as "https://identity.vwgroup.io," among others.
Although the group has not yet demanded a ransom, it has threatened to release the data. At the time of this analysis, however, the shared proof links were inaccessible.
Volkswagen denies the allegations; an internal investigation is underway
In response to inquiries, a Volkswagen spokesperson stated:
“Based on current information, there has been no unauthorized external access to customers’ personal data or sensitive company information.” The company is continuing to investigate the allegations and will involve the authorities if necessary.
Who is StormouS/V4?
StormouS, in its current “V4” variant—also known as “StmX/GhostLocker v4”—is considered a new, pro-Russian ransomware group that targets Western corporations. The group gained notoriety in 2024 following an attack on the Belgian brewery Duvel Moortgat, during which 88 GB of sensitive corporate and employee data was exfiltrated.
The recent case at Volkswagen also makes it clear that companies of all sizes and across all industries are increasingly in the crosshairs of aggressive, politically motivated hacker groups. Even if an attack is not confirmed, such incidents underscore the need for robust security measures, transparent incident response, and timely patch management.
Our recommendation:
Rely on modern detection and response: With our Managed Defense Service (100% EU technology), you can actively protect your infrastructure against cyber threats.