The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant.
The company refused to pay the ransom and the ransomware gang threatened to leak the alleged stolen documents, including project data, clients’ and partners’ info, and NDAs.
“We’ve obtained 100 GB of data of Nissan Australia. They seem not to be very interested in the data, so we will upload it for you within a few days. You will find docs with personal information of their employees in the archives and much other interested stuff like NDAs, projects, information about clients and partners etc. By the way, there is a notice on their website regarding investigation about possible personal information leakage, so we will confirm that with the data uploading.” reads the message published by the group on its data leak site.
Early December, Nissan Oceania, the regional division of the multinational carmaker, announced it had suffered a cyber attack and launched an investigation into the incident. Nissan already notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.
Nissan Oceania refers to the regional operations of the Nissan Motor Company in the Oceania region, which includes Australia and New Zealand.
Nissan, a Japanese multinational automaker, operates globally, and its regional divisions manage business activities in specific geographic areas.
“The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.” reads the statement published by the company on its website.
The company did not share details about the attack or its scope. Nissan is still investigating the incident to determine the extent of the data breach.
Nissan recommends customers be vigilant and look out for any suspicious or scam activities.
Nissan said it is still working to restore its systems and plans to provide updates through its websites nissan.com.au and nissan.co.nz.
The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)