Nissan Motor Corporation was listed on the dark web on 10 January 2026 by the Everest ransomware gang, which is threatening to publish allegedly stolen data in just over four days if ransom payment is not made.
“The files will be published after the timer counts down. The company still has time to get in touch with us,” the threat actor said.
According to the listing, Everest exfiltrated 900 gigabytes of data, containing roughly 60,000 txt files, 17,000 csv files, 31,000 zip files, and 47,000 zip files.
The sample posted by the threat actor contains screenshots of file trees that include folders and files referring to business data, such as marketing and sales, dealer orders, validation reports, dealer information, communications, warranty analysis and more.
Additionally, many of the files seem to refer to Nissan Motor Corporation’s Canadian operations, naming both dealerships for Nissan and Infiniti, the group’s luxury car brand. However, a list of dealer names seems to refer to US-based operations.
Nissan Motor Corporation has yet to issue a statement regarding the incident. Cyber Daily has reached out to the company for more information.
Who is Everest?
Everest said it no longer deploys ransomware, but that is definitely how the group started out in 2020.
Since then, however, it has shifted to acting more as an initial access broker, according to some reports, but the group has certainly claimed its fair share of high-profile victims, including the 2021 Colonial Pipeline attack. It is actively recruiting partners via its leak site.
The group – thought to be Russian-speaking – uses a variety of initial access methods, ranging from exploiting weak or stolen credentials (which was likely the case with Collins Aerospace), insider recruitment, and remote access tools.
The Nissan listing comes just days after the company named Chrysler on its dark web leak site, claiming to have stolen 1,088 gigabytes of data.
“Including this information: Personal and contact information of individuals: names, phone numbers, addresses, dates of birth, and email addresses,” Everest said.
“Agent work logs: records of attempts to call found numbers, call statuses (wrong number, voicemail, busy), as well as updates on the vehicle’s status (sold, repaired, owner not found), and so on.”
The group said that Chrysler “failed to respond by the deadline” and posted the data it had.
It is unclear if the Chrysler breach has any connection to the 2025 Stellantis breach.
While neither carmaker confirmed the incident, Everest claimed a breach of PC hardware giant ASUS just days prior, a claim the company confirmed.
“An ASUS supplier was hacked,” ASUS said in a statement.
“This affected some of the camera source code for ASUS phones. This incident has not impacted ASUS products, internal company systems, or user privacy. ASUS continues to strengthen supply chain security in compliance with cyber security standards.”
The statement follows a 2 December post on Everest’s leak site, which claimed that the hackers had compromised “camera source code” alongside a one-terabyte database. Since then, however, Everest has released more details of the allegedly stolen data.
“The files include data from ASUS, ArcSoft, Qualcomm,” Everest said.
Daniel Croft