CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack

November 17, 2023 at 06:33AM

Toyota Financial Services Europe & Africa confirmed being targeted in a cyberattack by the ransomware group Medusa. Unauthorized activity was detected in a limited number of locations and systems were taken offline. The group is threatening to distribute stolen data unless an $8 million ransom is paid. The attack may have been facilitated by a Citrix NetScaler vulnerability. Other organizations, including government entities and banks, have also been targeted through this vulnerability.

Key Takeaways:
– Toyota Financial Services Europe & Africa experienced a cyberattack conducted by the ransomware group known as Medusa and MedusaLocker.
– Unauthorized activity on systems was detected, prompting the company to take some systems offline and gradually bring them back online.
– The attack appears to be limited to Toyota Financial Services Europe & Africa.
– The hackers are demanding an $8 million ransom within 10 days, threatening to distribute stolen data if not paid.
– Screenshots and a file tree provided by the hackers indicate that data was stolen from the company’s systems in Germany.
– The attack may have been facilitated by exploiting a known Citrix NetScaler vulnerability (CVE-2023-4966, also known as CitrixBleed).
– Toyota Financial Services had an internet-exposed and likely vulnerable Citrix Gateway system in Germany.
– The CitrixBleed vulnerability has been exploited by various threat actors, including the LockBit ransomware group.
– Other companies, including Boeing and DP World, have also been targeted through unpatched and exposed Citrix devices.