The German branch of Toyota Financial Services (TFS), a subsidiary of the well-known Japanese vehicle manufacturer Toyota Motor Corporation, appears to have been the target of a cyberattack executed by the ransomware group Medusa. This information comes from a report by Bleeping Computer. The company has reportedly confirmed unauthorized access to some of its systems operating in Europe and Africa.
According to Bleeping Computer, the hacker group previously added TFS to a list of targeted organizations on their data leak site. The group claims to have stolen data from the company, which operates globally and offers vehicle financing to its customers.
Data appears to originate from Germany
As seen in a screenshot shared by Bleeping Computer, the attackers are demanding a ransom of $8 million; the payment would buy either deletion of the captured data or a complete download of it. The attackers have given Toyota a ten-day deadline, which the company can extend by one day for a payment of $10,000.
Medusa also claims that the data set comes from Toyota Financial Services in Germany, which is associated with Toyota Deutschland GmbH based in Cologne. According to Bleeping Computer, the hackers have seemingly released sample data to strengthen their ransom demand.
Among the information allegedly stolen by the hacker group are financial documents, spreadsheets, purchase invoices, hashed account passwords, user IDs and plaintext passwords, contracts, ID scans, internal organizational charts, financial performance reports, and email addresses of employees. Most documents are written in German.
Citrix Bleed Suspected Again
While the exact method used by the attackers to breach Toyota’s systems hasn’t been officially confirmed, there’s suspicion that Medusa might have exploited Citrix Bleed. This vulnerability affects Citrix NetScaler systems, and a patch was released by the manufacturer on October 10.
As revealed in a screenshot shared by security researcher Kevin Beaumont on X, a Citrix Gateway associated with Toyota Kreditbank GmbH in Cologne was reportedly unpatched for Citrix Bleed a few days ago. The system’s last update was on August 26.
The recent prominent cyberattacks on Boeing and a U.S. subsidiary of the Industrial & Commercial Bank of China are also believed to have been carried out by exploiting Citrix Bleed.