VYPR
breachPublished Jul 14, 2026· 1 source

Synopsys Denies Data Breach Claims by New Ransomware Group D1R

Synopsys has refuted claims by the nascent D1R ransomware group that it breached the company's systems and accessed sensitive data belonging to its major customer, Bosch.

Silicon-to-systems design firm Synopsys has announced it has found no evidence of a data breach following claims made by a new cybercrime group, D1R. The group had asserted that it had compromised Synopsys' systems and obtained valuable data related to one of its significant clients, Bosch, and threatened to leak the information unless a ransom was paid.

D1R, a recently emerged ransomware operation, listed both Synopsys and Bosch on its Tor-based leak site. The threat actors alleged they exploited a vulnerability in Synopsys' website to access a corporate client database containing approximately 40,000 entries. They further claimed to have used this access to target Bosch, purportedly stealing valuable intellectual property.

Synopsys, a key provider of electronic design automation software and semiconductor blueprints essential for microchip development, stated that its internal investigation yielded no supporting evidence for the hackers' assertions. The company emphasized its commitment to data security and continuous network monitoring.

"The security of data and systems is a priority for Synopsys," a company spokesperson told SecurityWeek. "We are continuously monitoring our network and have found no evidence of Synopsys or customer technical data being subject to unauthorized access. We have not been contacted by this threat actor and, based on our investigation, claims of unauthorized access to customer confidential data are unfounded."

Further undermining the credibility of D1R's claims, a screenshot of a document allegedly proving access to Bosch data appears to be a publicly available user manual. This tactic of fabricating or exaggerating the scope of breaches is a common tactic employed by cybercriminals to pressure victims and gain notoriety.

Bosch, when contacted for comment, provided a general statement regarding its cybersecurity posture. The German engineering and technology giant reiterated its focus on strengthening digital systems and its capabilities to respond to potential cyber incidents, aiming to protect critical systems and limit the impact of attacks.

The incident highlights the challenges faced by cybersecurity firms and their clients in verifying threat actor claims, especially when dealing with new or less established groups. The lack of concrete evidence and the potential for disinformation underscore the importance of thorough internal investigations and independent verification before confirming any security incident.

While Synopsys has publicly denied the breach, the situation remains under observation as the cybersecurity landscape continues to evolve with new threat actors and evolving attack vectors.

Synthesized by Vypr AI