June 21, 2024



Toyota confirms breach after Medusa ransomware threatens to leak data

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.


Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets in which Toyota sells its cars, providing auto financing to its customers.

Earlier today, the Medusa ransomware gang listed TFS on its data leak site on the dark web, demanding a payment of $8,000,000 to delete data allegedly stolen from the Japanese company.

The threat actors gave Toyota 10 days to respond, with the option to extend the deadline for $10,000 per day.

Image: Medusa demanding $8 million from Toyota (BleepingComputer)

While Toyota Finance did not confirm whether data was stolen in the attack, the threat actors claim to have exfiltrated files and threaten a data leak if the ransom is not paid.

To prove the intrusion, the hackers published sample data that includes financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more.

Medusa also provides a .TXT file with the file tree structure of all the data they claim to have stolen from Toyota's systems.

Most of the files are in German, indicating that the hackers managed to access systems serving Toyota's operations in Central Europe.

BleepingComputer reached out to the Japanese automaker for a comment on the leaked data, and a company spokesperson provided the following statement:

“Toyota Financial Services Europe & Africa recently identified unauthorized activity on systems in a limited number of its locations.”

“We took certain systems offline to investigate this activity and to reduce risk and have also begun working with law enforcement.”

“As of now, this incident is limited to Toyota Financial Services Europe & Africa.”

Regarding the status of the impacted systems and their estimated return to normal operations, the spokesperson told us that the process of bringing systems back online is already underway in most countries.

Another Citrix Bleed breach?

Earlier today, following Medusa's disclosure of TFS as their target, security analyst Kevin Beaumont highlighted that the company's German office had an internet-exposed Citrix Gateway endpoint which had not been updated since August 2023, indicating that it was vulnerable to the critical Citrix Bleed (CVE-2023-4966) security issue.

A few days ago, it was confirmed that Lockbit ransomware operatives were using publicly available exploits for Citrix Bleed to breach the Industrial and Commercial Bank of China (ICBC), DP World, Allen & Overy, and Boeing.

It is possible that other ransomware groups have begun to exploit Citrix Bleed, taking advantage of the large attack surface, estimated to count several thousand endpoints.