Real cases

Data since 2012

Have you discovered a vulnerability?
Real cases of hacked carsDate
Nissan’s multimedia system hackedEne 2021Read More
Headline Nissan’s multimedia system hacked
Year 2021
Month Enero
Country United States
Description 

An anonymous researcher claims to have managed to hack the multimedia system of a Nissan Xterra -an SUV available in countries such as the United States-. This hacker found a vulnerability, through which he was able to insert a USB drive with a code that allowed him to access the system’s kernel with administrator privileges, thus being able to make modifications of all kinds to the OEM software. This infotainment unit -the ‘lcn2kai’, manufactured by Bosch- is present in other models of the manufacturer such as the Altima, the Rogue or the Sentra -which are not marketed in Western Europe-.

Intentionality Hacker
Target Vehículo
Company Nissan
Model Xterra
Type of company 
Data / Life Datos y Vida
Access Físico y remoto
System Multimedia System
Recognized by brand No
Source https://www.somagnews.com/security-researcher-hacks-nissan-brand-car/
Tesla sues ex-employee for stealing secret informationEne 2019Read More
Headline Tesla sues ex-employee for stealing secret information
Year 2019
Month Enero
Country Estados Unidos
Description 

Just three days after taking up his new job at Tesla, software engineer Alex Khatilov is caught copying nearly 26,000 confidential files from Tesla’s servers to a personal Dropbox. When questioned by security personnel, he lies and claims they are personal administrative documents… while simultaneously trying to delete the evidence. According to Tesla, the amount of data stolen would be equivalent to 200 years of work, and could – if subsequently sold – put its competitors on the trail of its technological innovations.

Intentionality Cracker
Target Empresa
Company Tesla
Type of company Manufacturer
Data / Life Datos
Access Físico y remoto
System Databases
Recognized by brand 
Source https://www.ibtimes.co.uk/tesla-sues-former-employee-allegedly-stealing-26000-confidential-files-1687434?&web_view=true
Mobile crane builder suffers massive cyber-attackEne 2021Read More
Headline Mobile crane builder suffers massive cyber-attack
Year 2021
Month Enero
Country Austria
Description 

The Austrian-based mobile crane manufacturer Palfinger has suffered a massive cyber-attack – part of a worldwide ‘wave’ – on its servers and IT infrastructure. According to the company itself, the attack affects both its own website and its internal servers (e-mail, databases, etc.). Due to all of the above, those responsible have been forced to halt operations worldwide.

Intentionality Cracker
Target Empresa
Company Palfinger
Type of company Manufacturer / Carmaker
Data / Life Datos
Access Remoto
System Databases, website
Recognized by brand 
Source https://www.bleepingcomputer.com/news/security/leading-crane-maker-palfinger-hit-in-global-cyberattack/?&web_view=true
UPS drivers’ medical data exposed after cyberattackEne 2021Read More
Headline UPS drivers’ medical data exposed after cyberattack
Year 2021
Month Enero
Country United States
Description 

Following a ransomware cyber-attack against a private medical provider in the US state of Virginia, the records of a large number of drivers of the well-known delivery company UPS – with names, addresses, history of ailments and conditions… – ended up exposed on a dark web. In the same attack, the perpetrators – a group called ‘Conti Ransomware’ – also stole similar information from the workers of the Norfolk Southern Railroad – a railway company.

Intentionality Cracker
Target Empresa
Company UPS
Type of company Logistics and Transport
Data / Life Datos
Access Remoto
System Databases
Recognized by brand 
Source https://www.infosecurity-magazine.com/news/truckers-medical-records-leaked/?&web_view=true
Shipping company suffers confidential data theftEne 2021Read More
Headline Shipping company suffers confidential data theft
Year 2021
Month Enero
Country United Kingdom
Description 

The multinational company AnyVan, which offers transport, moving and courier services, suffered a cyberattack that resulted in the theft of several digital files containing customers’ personal information. According to investigations, the attack – detected three months after it began – could have exposed names, e-mail addresses and even encrypted fragments of passwords.

Intentionality Cracker
Target Empresa
Company AnyVan
Type of company Transport and Logistics
Data / Life Datos
Access Remoto
System Databases
Recognized by brand No
Source https://www.theregister.com/2021/01/19/anyvan_confirms_digital_breakin_says/?&web_view=true
Crackers impersonate New York authorities to deceive driversEne 2021Read More
Headline Crackers impersonate New York authorities to deceive drivers
Year 2021
Month Enero
Country United States
Description 

Through text messages addressed to New York drivers, a group of crackers impersonate the state’s Department of Motor Vehicles -or DMV-. In these messages, they ask the victims to access a website -through a link provided in the message- to enter their personal data -name, address, license number…- under the false pretext of updating them in the New York State databases. This is what is known as a case of phishing or identity theft.

Intentionality Cracker
Target Otros
Company New York DMV
Type of company Public Institution
Data / Life Datos
Access Remoto
System Website
Recognized by brand 
Source https://securityintelligence.com/news/text-phishing-disguised-as-new-york-state-dmv-messages/?web_view=true
U.S. railroad operator is victim of ransomwareEne 2021Read More
Headline U.S. railroad operator is victim of ransomware
Year 2021
Month Enero
Country United States
Description 

The railroad company OmniTRAX -based in Colorado, USA- suffered a ransomware attack that was originally aimed at its parent company, the multinational Broe Group. The perpetrators – a group known as Conti – claimed responsibility for the attack after publishing some of the information stolen from the operator. It should be remembered that ransomware is a type of attack that consists of the theft or encryption of data, in which the criminals ask for a ransom in exchange for the release of the ‘kidnapped’ information.

 

Intentionality Cracker
Target Empresa
Company OmniTRAX
Type of company Railway Operator
Data / Life Datos
Access Remoto
Recognized by brand 
Source https://finance.yahoo.com/finance/news/ransomware-attack-hits-short-line-140331188.html?&web_view=true
Roadside assistance employee collects and sells user data to another companyEne 2021Read More
Headline Roadside assistance employee collects and sells user data to another company
Year 2021
Month Enero
Country United Kingdom
Description 

An employee of RAC – one of the UK’s leading roadside assistance companies – is caught manipulating user data without authorization. The investigation concludes that, in exchange for financial compensation, he gave them to a legal firm specializing in road traffic accidents. The information sold included names, telephone numbers and license plates of a large number of customers who had recently turned to RAC following an accident.

 

Intentionality Cracker
Target Empresa
Company RAC
Type of company Road Assistance
Data / Life Datos
Access Aplicación
System Databases
Recognized by brand 
Source https://www.theregister.com/2021/01/11/rac_staffer_unauthorised_computer_access/
Data from a U.S. components company is stolen and published.Ene 2021Read More
Headline Data from a U.S. components company is stolen and published.
Year 2021
Month Enero
Country United States
Description 

The NetWalker cracker group – famous for its ransomware attacks, which consist of stealing or encrypting information and demanding a ransom for it – released a 3 GB file containing sensitive data from NameSouth, a U.S. automotive components company. The file – revealed after the company refused to pay the ransom – contains, among other information, tax IDs, names, customer addresses, credit card details and telephone numbers.

 

Intentionality Cracker
Target Vehículo
Company NameSouth
Type of company Components Company
Data / Life Datos
Access Remoto
System Database
Recognized by brand 
Source https://cybernews.com/security/after-refusing-to-pay-ransom-us-based-auto-parts-distributor-has-sensitive-data-leaked-by-cybercriminals/?web_view=true

Calls for review
EUROCYBCAR test


Logotipo de Eurocybcar


Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.plugin cookies

ACEPTAR
Aviso de cookies