Nissan Australia and New Zealand are dealing with a “cyber incident”, which likely translates as ‘paying the ransom with the help of the Australian government’. https://www.nissan.com.au/ #threatintel
The following other organisations are also suffering a “cyber incident” now:
• Nissan Financial Services
• Mitsubishi Motors Financial Services
• Renault Financial Services
• Skyline Car Finance
• RAM Truck Finance
• LDV Financial Services
Nissan ran a several-year-old version of Serv-U, with vulns used by ransomware groups. The server is offline now.
Shodan: https://beta.shodan.io/host/103.130.244.135
Server: https://103.130.244.135/
The impacted orgs are part of Renault–Nissan–Mitsubishi Alliance. HT @jpm
As spotted by @jpm, the orgs caught up in the Australian financial services cyber heist are all running via Nissan, it's a single provider of failure basically.
Nissan are now terming this cyber incident as a breach of Nissan Oceania.
Akira ransomware group have claimed #Nissan Australia, say they exfil'd 100gb of data. #threatintel
(Yes, you have to use a terminal to interact with them, lol)
Kudos to Nissan for not paying.
The ransomware breach at Nissan Financial Services, Mitsubishi Motors Financial Services, Renault Financial Services, Skyline Car Finance, RAM Truck Finance and LDV Financial Services is still rumbling on, almost two months later. #Nissan #threatintel
@GossiTheDog ONE BANK TO RULE THEM ALL
@GossiTheDog I remember that Nissan and Renault were connected (50% stake). The others not so sure.
@GossiTheDog it looks like all of these are registered business of Nissan Financial Services:
(1) Subject to LDV Financial Services lending criteria. LDV Financial Services is a registered business name of Nissan Financial Services Australia Pty Ltd ABN 70 130 046 794, Australian Credit Licence Number 391464
Ref: https://www.ldvautomotive.com.au/financialservices/
Search: https://asic.gov.au/online-services/search-asic-s-registers/business-names/
@GossiTheDog @jpm ah, the commercial version of the acronym
@GossiTheDog @jpm Can anyone provide a proof-of-life photo for Nissan's IT department?
@GossiTheDog Hasn't there always been a breach at Nissan Oceania?
@GossiTheDog probably perpetrated by Nissan Eurasia.
@GossiTheDog Oh god that screenshot. Edgy McEdgelord strikes again. Looks one dial-up tone away from a 1980s hacker movie.
@GossiTheDog Serv-U? Like the Serv-U FTP server I was using 20-25 years ago, that still exists? Wow!
@jotak @GossiTheDog Some companies deploy IT infrastructure, others run a hard- and software-museum.
@GossiTheDog Is the Serv-U vulnerability you are referring to CVE-2021-35247?
I believe version 15.2.5.5023 has been addressed for CVE-2021-35211, which was exploited by Clop in the past.
Could you please inform me of any other CVEs?
@GossiTheDog Is it the TylerDurden ransomware gang?