
Attackers Rip 240GB of Data from Toyota

Threat actor ZeroSevenGroup exfiltrated various types of data.

Toyota has confirmed that its network was subjected to a limited compromise, following threat actor ZeroSevenGroup's exposure of 240GB of data purportedly stolen from the Japanese multinational automaker's US branch.

According to BleepingComputer, infiltration of the Toyota branch enabled the exfiltration not only of customer and employee data, but also of financial information, contracts, emails, and network infrastructure details, which ZeroSevenGroup claimed were obtained using the ADRecon tool.

BleepingComputer noted that the attackers may have obtained access to a backup data server, after the theft or creation of the exposed files was found to have occurred on Christmas 2022.

Guido Grillenmeier, principal technologist at Semperis, said there is evidence in this breach that the threat actors targeted the company’s Active Directory, using a scraping tool to elevate their privileges and gather further credentials and information about the network, with the goal of extracting vast amounts of data.

“The one constant that does exist in cyber-attacks is the criminal intent of the threat actors: they are coldblooded and typically motivated by financial gain,” he said. “Unfortunately, as is the case in approximately 90 percent of cyber-attacks, identity system compromise occurs, most often Active Directory or Entra ID, which stores the crown jewels of a business by managing all permissions to a company’s data.”

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
