Kia Motors hit by huge IT outage. Ransomware attack unconfirmed.

"IT service outage has impacted some internal networks"

Kia Motors hit by huge IT outage. Ransomware attack unconfirmed.

Kia Motors USA is experiencing a nationwide IT outage affecting servers underpinning the company's widely used owner application, dealer platforms, and phone support in an incident that has already lasted four days.

"We are currently experiencing an IT service outage that has impacted some internal networks", Kia told customers. With the central US facing a huge cold front that has left over 21 dead, many customers were particularly vocal about their inability to remote-start their vehicles using the UVO application.

Kia Motors America told Bleeping Computer, which first reported the incident, that it was "aware of IT outages involving internal, dealer and customer-facing systems, including UVO. We apologize for any inconvenience to our customers and are working to resolve the issue and restore normal business operations as quickly as possible."

https://twitter.com/pyoor/status/1361814728629047298

The length of the incident suggests it may be the result of a ransomware attack.

If so -- and that speculation remains unconfirmed, although employees have told customers this is the case -- then it would follow a similar successful attack on Honda in the US last year.

Honda plants were also brought to a standstill by the incident, first reported in June 2020. Several security researchers reported at the time spotting Honda computers with Remote Desktop Protocol (RDP) publicly exposed, suggesting that may have been one of the initial threat vectors.

The attack came after Honda in 2019 also left an Elasticsearch database exposed to the public, with upwards of 40GB of data relating to the firm’s internal systems and devices spotted by security researchers. Security researcher Justin Paine, who spotted the database on Shodan, said at the time: “The information available in the database appeared to be something like a inventory of all internal machines.

“This included information such as machine hostname, MAC address, internal IP, operating system version, which patches had been applied, and the status of Honda’s endpoint security software.”

More detail as we get it.

Do you know more about this Kia Motors outage? Get in touch.

See also: Hack AWS resources with this new Red Team tool