Nissan Motor Corporation Targeted by Everest Ransomware Gang
Nissan Motor Corporation has been prominently featured on the dark web since January 10, 2026, by the Everest ransomware group. The organization is threatening to publicly disclose purportedly stolen data in a little over four days unless a ransom is remitted.
“The files will be released once the countdown concludes. The company still has the opportunity to contact us,” stated the threat actor.
As detailed in the listing, Everest claims to have exfiltrated a staggering 900 gigabytes of data. This compilation allegedly includes approximately 60,000 text files, 17,000 CSV files, and 31,000 ZIP files.
The sample shared by the group showcases screenshots of directory structures containing references to critical business information. This includes areas such as marketing, sales, dealer orders, validation reports, and warranty analyses.
Moreover, a significant number of these files pertain specifically to Nissan’s operations in Canada, highlighting various dealerships for both Nissan and its luxury brand, Infiniti. Notably, some names mentioned in the file directory seem to correlate with dealerships based in the United States.
Nissan has yet to release an official statement regarding this incident. Cyber Daily has initiated contact with the company to acquire further insights.
Who is Everest?
Initially, Everest operated as a ransomware group since its inception in 2020, although it has since transitioned to functioning primarily as an initial access broker, as indicated by multiple reports. The group has made headlines claiming numerous high-profile victims, including the notorious 2021 attack on Colonial Pipeline. Currently, Everest is seeking to recruit partners through its leak site.
Believed to consist of Russian-speaking members, Everest employs a range of initial access methodologies. These tactics include exploiting weak or compromised credentials—evidently the case with Collins Aerospace—insider recruitment, and utilizing remote access tools.
The recent listing concerning Nissan follows closely on the heels of the group previously naming Chrysler on their leak site, claiming to have compromised 1,088 gigabytes of data from the automotive giant.
Specifics of the leaked data include personal contact details such as names, phone numbers, addresses, birth dates, and email addresses. Furthermore, records of agents’ work logs—detailing efforts to reach listed phone numbers, call outcomes, and updates about vehicle status—were also divulged.
Everest contended that Chrysler had “failed to respond by the deadline,” prompting the group to release the data publicly.
It remains ambiguous whether there is any connection between the Chrysler breach and the 2025 incident involving Stellantis.
Despite neither automaker confirming the breach, Everest’s claims surrounding a recent incursion of PC hardware titan ASUS were acknowledged just days prior, further corroborated by the company itself.
“A supplier of ASUS was compromised,” the company stated. “This breach affected specific camera source code for ASUS devices. Importantly, no impact on ASUS products, internal systems, or user privacy has occurred. ASUS is committed to bolstering supply chain security in line with cybersecurity standards.”
This statement followed a post from Everest on December 2, indicating a breach involving “camera source code” along with a one-terabyte database. Since that announcement, Everest has progressively disclosed additional specifics regarding the purportedly stolen files.
Source link: Cybersecurityconnect.com.au.
