Toyota Financial Services Europe & Africa this week confirmed being targeted in a cyberattack, which appears to have been carried out by a known ransomware group.
The Toyota subsidiary said it recently detected unauthorized activity on systems in a limited number of locations. In response, it took some systems offline, and they are gradually being brought back online.
“In most countries, we have started bringing our systems back online. We are working diligently to get systems back online as soon as possible and we regret any inconvenience caused to our customers and business partners,” the company said in a statement posted on its website. “As of now, this incident is limited to Toyota Financial Services Europe & Africa.”
The ransomware group known as Medusa and MedusaLocker has taken credit for the attack, listing Toyota Financial Services on its Tor-based leak website and threatening to distribute stolen data unless an $8 million ransom is paid within 10 days.
Screenshots and a file tree made public by the cybercriminals to demonstrate their claims indicate that the information was stolen from Toyota Financial Services systems in Germany.
The screenshots posted by the hackers on their website show that various types of corporate documents, spreadsheets containing personal information, and passport copies were obtained.
It’s possible that the Medusa group hacked the company by exploiting a recent Citrix NetScaler vulnerability tracked as CVE-2023-4966 and named CitrixBleed (Citrix Bleed).
Cybersecurity researcher Kevin Beaumont pointed out that Toyota Financial Services recently had a Citrix Gateway system located in Germany that was exposed to the internet and likely vulnerable to CitrixBleed attacks.
The CitrixBleed vulnerability has been widely exploited by threat actors, including in many ransomware attacks.
According to Beaumont, the LockBit ransomware group has exploited the flaw to access the systems of government organizations, law firms and banks. The cybercrime gang has taken credit for the recent attack on China’s biggest bank, which also had a vulnerable Citrix system exposed to the web.
The researcher has also identified internet-exposed and unpatched Citrix devices belonging to Boeing and Australian transport company DP World, both of which were recently targeted.