Header image

Attackers Rip 240GB of Data from Toyota

Threat actor ZeroSevenGroup exfiltrated various types of data.

Toyota has confirmed that its network was subjected to a limited compromise.

Following threat actor ZeroSevenGroup's exposure of 240GB of data purportedly stolen from the Japanese multinational automaker's US branch.

According to BleepingComputer, infiltration of the Toyota branch has enabled the exfiltration not only of data from customers and employees, but also financial information, contracts, emails, and network infrastructure details, which have been obtained through the ADRecon tool, claimed ZeroSevenGroup.

Attackers were noted by BleepingComputer to potentially have obtained backup data server access after the theft or creation of the exposed files was discovered to have occurred on Christmas 2022.

Guido Grillenmeier, principal technologist at Semperis said there is evidence in this breach that the threat actors targeted the company’s Active Directory, using a scraping tool to elevate their privileges, gather further credentials and information about the network with the goal to extract vast amounts of data.

“The one constant that does exist in cyber-attacks is the criminal intent of the threat actors: they are coldblooded and typically motivated by financial gain,” he said. “Unfortunately, as is the case in approximately 90 percent of cyber-attacks, identity system compromise occurs, most often Active Directory or Entra ID, which stores the crown jewels of a business by managing all permissions to a company’s data.”

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.