Cyber Incident Victim: Nissan
Date:
Jan 2016
Location:
Japan
Summary
A major automotive manufacturer experienced a distributed denial-of-service (DDoS) attack that forced its global and Japanese websites offline, while its US and European platforms remained operational. Hacktivists associated with Anonymous claimed responsibility, targeting the company as part of the OpWhales campaign to protest Japan's dolphin and whale hunting practices, specifically citing media censorship around the Taiji dolphin hunts. The attackers emphasized they did not compromise customer or system data, aiming solely to disrupt services and raise awareness. The company proactively suspended affected websites to mitigate risks, stating customer privacy and information security were top priorities, with continuous monitoring and aggressive protective measures in place. The incident coincided with a major auto industry event where the firm had recently unveiled a new vehicle concept.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 13, 2016, Nissan Motor Corporation suspended its global and Japanese websites following a distributed denial-of-service (DDoS) attack that overwhelmed the sites with excessive traffic, rendering them inaccessible. Hacktivists associated with the Anonymous collective publicly claimed responsibility for the attack via social media, framing it as retaliation against Japan’s whaling and dolphin-hunting practices, specifically referencing the annual dolphin culls in Taiji. The attackers explicitly stated the operation—part of their broader “OpWhales” campaign—targeted Nissan as a prominent Japanese corporation to circumvent domestic media censorship of the dolphin hunts and amplify international awareness. They emphasized their actions were not intended to compromise customer or corporate data but solely to disrupt services. This incident coincided with Nissan’s participation in the Detroit Auto Show, where it had unveiled a concept pickup van the preceding day, though the company’s US and European websites remained operational throughout the attack. The hack followed a series of similar Anonymous-led assaults against Japanese government entities, including the president’s office, and mirrored earlier November 2015 attacks against Icelandic institutions under the same campaign, which had disabled most Icelandic government sites for approximately 13 hours.
Nissan responded by proactively taking its affected websites offline to mitigate further risks, prioritizing the protection of its information systems and customer data. A company spokesperson confirmed the suspension was a precautionary measure against the DDoS attack and reiterated Nissan’s commitment to continuous monitoring and “aggressive steps” to safeguard its digital infrastructure. The incident caused no reported data breaches or permanent system damage but resulted in temporary service interruptions for users accessing Nissan’s primary global and Japan-facing domains. The attackers framed their actions as symbolic, leveraging Nissan’s corporate stature to draw attention to ecological concerns while avoiding physical or data-centric harm. Nissan maintained neutrality regarding the activists’ underlying cause, issuing no statements about Japan’s whaling or dolphin-hunting policies and focusing exclusively on its technical response to the disruption. Service restoration timelines were not disclosed in available reporting.