Unit 42 recently assisted a prominent manufacturer who experienced a severe ransomware attack orchestrated by Ignoble Scorpius, the group that distributes BlackSuit ransomware. This incident serves as a reminder of how a seemingly minor issue — in this case, a single set of compromised VPN credentials — can lead to a full-scale corporate crisis with tremendous impact to the bottom line.
The Attack: A Combination of Reconnaissance and Ransomware
The Ignoble Scorpius attack began with a voice phishing (vishing) call. The attacker impersonated the company’s IT help desk and tricked an employee into entering their legitimate VPN credentials on a phishing site.
With these credentials, the threat actor gained initial network access and immediately escalated their privileges. They executed a DCSync attack on a domain controller to steal highly privileged credentials, including a key service account. Using these compromised credentials, they moved laterally across the network using RDP and SMB, employing tools like Advanced IP Scanner and SMBExec to map the network and identify high-value targets.
The attackers established persistence by deploying AnyDesk and a custom RAT on a domain controller, configured as a scheduled task to survive reboots. (It is important to note that threat actors often abuse and take advantage of legitimate products like AnyDesk for malicious purposes. We are not implying that the legitimate product is flawed.)
The attackers then compromised a second domain controller, extracting the NTDS.dit database containing all user password hashes, and exfiltrated over 400 GB of data using a renamed rclone utility. To cover their tracks, the threat actors deployed CCleaner to erase forensic evidence before unleashing the final blow: BlackSuit ransomware, orchestrated through Ansible, simultaneously encrypted hundreds of virtual machines across approximately 60 VMware ESXi hosts, disrupting operations across the entire infrastructure.
How Unit 42 Helped
When Unit 42 was engaged, we helped the client expand their Cortex XDR deployment from 250 to over 17,000 endpoints, providing enterprise-wide visibility to track the attacker’s every move. We also leveraged Cortex XSOAR to automate containment actions, stopping the attack from spreading further.
Our investigation identified the full attack path and led to some critical recommendations including:
Network Security: Replace end-of-life Cisco ASA firewalls with Next-Generation Firewalls (NGFW), implement network segmentation, and restrict administrative access to critical systems (like DCs and ESXi hosts) to dedicated management VLANs.
Identity and Access Management: Enforce MFA for all remote access, disable NTLM or require EPA, rotate all credentials, and restrict service accounts from being used for interactive logons like RDP.
Endpoint and Server Hardening: Block EFSRPC using RPC filters to prevent PetitPotam/DCSync attacks, deploy and maintain a fully patched XDR solution on all endpoints, and have a strict policy for removing EOL systems.
Logging and Monitoring: Enhance log retention to 90-plus days for critical sources (ESXi, firewalls, Nasuni), ensure logs are properly parsed for effective analysis, and enable features like AWS CloudTrail log validation.
The Outcome
The client was able to achieve several key outcomes:
Financial demand negated: We successfully negated the $20 million ransom demand, ensuring the client paid no ransom.
Expanded visibility: The engagement expanded the client’s endpoint visibility from 250 to over 17,000, creating a robust foundation for future security operations.
Strategic guidance: We provided bespoke, strategic after-incident guidance, helping the client fortify their defenses and prevent future attacks.
Continuous monitoring: Following the incident, the client onboarded Unit 42 Managed Detection and Response (MDR) services for continuous monitoring, ensuring they are better prepared to handle future threats.
The Takeaway
This attack serves as a stark reminder that even a single compromised credential can create a domino effect, leading to a catastrophic security breach. The swift and sophisticated tactics of threat actors like Ignoble Scorpius and their use of BlackSuit ransomware demonstrate the critical need for a proactive and multi-layered defense strategy.
By implementing MFA on all remote access points, and integrating robust endpoint visibility, automated containment, and expert guidance, organizations can not only disrupt an attack in progress but also shore up their defenses to prevent future incidents. Most importantly, investments in proactive security assessments have shown to pay dividends that far outweigh the costs of operational and financial impact of a full-scale ransomware attack.
Interested in learning more about the latest attack trends? If so, take a look at our 2025 Unit 42 Global Incident Response Report, which distills the most critical findings based on our direct experience responding to real-world cyberattacks at over 500 organizations across 38 countries.
Additional Resources
About Unit 42
Unit 42 strengthens your team with the tools and expertise needed to stay ahead of threats like BlackSuit ransomware and protect your business. With our proven strategies and insights from thousands of engagements, we’ll help your team handle the toughest situations with confidence.
Samsung is back with another event this fall, which it has dubbed Worlds Wide Open. The company said that it will use this opportunity to officially unveil its Android XR headset, internally known as Project Moohan. The livestreamed event will…
Your morning poop can be a window into your well-being — if you know what to look for. Thanks to technology, that closer look can now be automated. From AI-powered apps analysing stool colour, shape, and consistency to detect potential…
Spooky season is in full swing, and this extends to Microsoft’s October Patch Tuesday with security updates for a frightful 175 Microsoft vulnerabilities, plus an additional 21 non-Microsoft CVEs. And even scarier than the sheer number of bugs:…
A tiny worm that leaps high into the air — up to 25 times its body length — to attach to flying insects uses static electricity to perform this astounding feat, scientists have found. The journal PNAS published the work on the…
Beyond point-of-care support, clinical decision support solutions also offer powerful analytics. “We’re not just tracking usage—we’re translating it into insights,” said Fulcher. “We can show hospitals what clinicians are searching for, how that aligns with prescribing patterns, and where there are gaps in knowledge or compliance.”
Integration and accessibility: Meeting clinicians where they are
To maximize impact, clinical decision support tools must be embedded into clinical workflows. “The ideal solution is one click away—within the EMR, mobile app, or even Microsoft Copilot,” said Fulcher. “We’re building a hub-and-spoke model where trusted content is accessible wherever clinicians need it.”
Dr. Ahmed Al-Dammas, Chief Data Officer at the Saudi Council of Health Insurance, stressed the importance of seamless access: “If it’s not integrated, it’s not used. Single sign-on, mobile optimization, and HL7 integration are no longer nice-to-haves — they’re must-haves.”
While the clinical benefits are clear, the financial case is equally compelling. “CDS tools reduce adverse drug events, shorten hospital stays, and improve formulary compliance,” said Dr. Abu-Gheida. “That’s real ROI—especially in value-based care models.”
Dr. Osama Hassan added, “If we want to move from fee-for-service to outcomes-based reimbursement, we need solutions that link decisions to results. Wolters Kluwer’s UpToDate® and Medi-Span® do exactly that.”
Looking ahead: A shared vision for safer, smarter care
As the Think Tank concluded, one message resonated: precision medicine is a team sport. It requires collaboration across clinicians, technologists, regulators, and solution providers.
“We’re not just building tools—we’re building trust,” said Fulcher. “And that trust is what turns insight into impact.”
Stocks @ Night is a daily newsletter delivered after hours, giving you a first look at tomorrow and last look at today. Sign up for free to receive it directly in your inbox. Here’s what CNBC TV’s producers were watching on Tuesday and what’s on the radar for Wednesday’s session. Big bank earnings keep rolling Bank of America and Morgan Stanley are set to report quarterly results tomorrow. Bank of America shares are looking to snap a 3-week losing streak. The bank’s CEO Brian Moynihan will be on CNBC 10:30 a.m. ET. Morgan Stanley shares are on track to snap a 5-month win streak. This morning, major financial institutions kicked off the new earnings season on a positive note . Pulse check on Abbott Labs Abbott Laboratories is also set to report earnings before the opening bell on Wednesday. The stock hasn’t budged since December 2021, while the S & P 500 climbed more than 40%. That said, Abbott Labs is on track for its best yearly performance since 2021. ABT 5Y mountain Abbott Laboratories stock over the past five years Leading the skies United Airlines reports earnings after the bell tomorrow. On Tuesday, airline stocks got a boost as oil prices fell to a five-month low amid U.S.-China trade tensions. While the stock has lagged the S & P 500 this year, United has been the best performer among the major airlines. Year to date, United’s stock is up 6%. Last quarter, United Airlines CEO Scott Kirby said travel demand was rebounding after a rocky start to 2025. UAL 3M mountain United Airlines stock over teh past three months. Starbucks in the hot seat Don’t miss “Mad Money’s” interview with Starbucks CEO Brian Niccol tomorrow. Shares have fallen 11% since he took over as CEO last year. As a result, Starbucks is on track for its record forth straight negative year. From aisles to AI Walmart struck a deal with OpenAI to allow shoppers to make faster purchases directly through ChatGPT. As a result, Walmart shares posted their best day since early April, closing up 5%. The stock has doubled in value over the past 2 years.
A core model in Toyota’s multi-pathway portfolio, strengthening the brand’s electric SUV line-up
Robust EV fundamentals: a choice of battery options and powertrains, plus user-friendly charging methods
Designed for car lovers, with a rewarding, fun-to-drive character, founded on Toyota’s dedicated e-TNGA platform
Stylish coupe-SUV design with no compromises in comfort, practicality or safety
To be launched in the UK in early 2025
UK model range and specifications to be announced
The all-new Toyota C-HR+ showcases Toyota’s commitment to creating battery electric vehicles (BEVs) for car enthusiasts, offering emotional appeal through bold design and engaging driving characteristics, coupled with everyday practicality.
Building on the achievements of the Toyota C-HR, which has amassed more than one million sales in Europe through two generations, the Toyota C-HR+ goes further as a stand-alone, all-electric model.
A choice of powerful and efficient all-electric powertrains coupled with fast, convenient charging solutions establish a dependable and desirable foundation for a true BEV and authentic SUV, designed to appeal to a wide customer base in the mid-size C-SUV segment.
A striking design is achieved inside and out without compromising comfort or versatility. The smooth, calm ride typical of an all-electric powertrain is enhanced through additional measures to increase comfort and convenience.
The Toyota C-HR+ is agile, responsive and fun to drive thanks to its rigid chassis and suspension tuning, engineered using the dedicated e-TNGA electric vehicle platform. It also reflects Toyota’s commitment to quality and safety, including the latest driver assistance technologies and a 10-year battery warranty**.
It takes its place alongside the new Urban Cruiser and bZ4X as a core model in Toyota’s all-electric SUV portfolio. This line-up reinforces Toyota’s multi-pathway strategy by joining hybrid, plug-in hybrid and hydrogen fuel cell electric vehicles to deliver sustained vehicle emissions reductions towards achieving carbon neutrality in Europe in 2040.
Power and performance
Two battery options
Faster DC charging supported by battery pre-conditioning
The all-new Toyota C-HR+ is a showcase for Toyota’s latest BEV technologies, establishing the fundamental qualities which express the company’s commitment to building electric vehicles for true car enthusiasts.
To meet different customer needs, whether for day-to-day life in urban traffic or longer journeys and adventures, it is offered with two battery options.
A 57.7kWh (gross capacity) battery delivers a power output of 165bhp (167 DIN hp/123kW) and has a maximum driving range (WLTP cycle) of up to 283 miles*.
For customers wanting more power and greater range, a 77kWh battery provides 221bhp (224 DIN hp/165kW) and delivers up to 378 miles*.
The high-capacity lithium-ion batteries use the latest technologies to give customers fast-charging options. Battery pre-conditioning contributes to a targeted fast DC charging time from 10 to 80 per cent of around 30 minutes in temperatures as low as -10°C. This would mark a 20-minute improvement on charging without a pre-conditioning function.
The pre-conditioning system ensures the battery reaches the ideal temperature before charging begins, allowing for higher charging power, even in cold conditions. This is achieved using a water-to-water heat exchanger which heats all the battery cells evenly and delivers consistent operation.
There are three options for initiating battery pre-conditioning: manually via the car’s multimedia system; scheduled in advance to start at a specific time; and automatic operation when using the car’s navigation system to reach a charging station destination.
An 11kW onboard AC charger is included as standard; high grade model uses a faster 22kW unit, which effectively halves the recharge time.
Driving dynamics
Underfloor battery lowers the centre of gravity and enhances torsional rigidity
Optimised suspension tuning
Regenerative braking options for tailored driver engagement
Insulation and noise damping for a peaceful all-electric ride
Toyota’s dedicated e-TNGA battery electric vehicle architecture provides the foundation for a fun-to-drive experience and comfort for all passengers. The modular platform – also used by the bZ4X model – delivers improved driving dynamics thanks to a BEV-specific design. It is also scalable, enabling the development of different vehicle sizes and powertrains.
The new Toyota C-HR+ exploits the adaptability of the e-TNGA platform to create a unique body and interior while delivering rewarding handling, ride comfort and stability.
An underfloor-mounted battery is a key e-TNGA design feature. By fixing it to the underfloor frame, torsional rigidity is improved by 30 per cent and the centre of gravity is lowered by 65mm compared to the Toyota C-HR. At the same time, ground clearance of 185mm is maintained.
The low centre of gravity and dedicated suspension tuning deliver a refined and comfortable ride, striking an ideal balance between agility and comfort.
Four levels of regenerative braking contribute to an intuitive and engaging drive, selected using paddle shifts behind the steering wheel. The high responsiveness of the electric motor allows coasting deceleration of up to 0.15G when the driver releases the accelerator pedal, operating with a natural feel and compensating for around 80 per cent of deceleration when driving. This feature not only enhances driver control but also maximises efficiency by replenishing the battery during deceleration.
The electric power steering has also been mapped for responsiveness. It adjusts the steering characteristics dynamically, providing a light feel at low speed and a more direct sensation at higher speeds.
The Toyota C-HR+ is equipped with the latest lightweight Toyota eAxle – consisting of inverter, motor and transaxle – with silicon-carbide (SiC) semiconductors for efficiency and high-power output. The unit’s design, incorporating cooling and lubrication systems, minimises energy losses and delivers superior power, stability and quieter performance.
Adding to the ride quality, noise insulating and absorbing materials and silencers have been strategically installed to create a peaceful cabin environment. Optimised body rigidity and high-damping floor adhesive further contribute to onboard comfort.
Engineered for efficiency
Aerodynamic design with low drag
Energy-efficient low-power heat pump
Heated front seats and steering wheel reduce air conditioning demand
The all-new Toyota C-HR+ benefits from several measures which help drivers extend the car’s range while still enjoying a comfortable and engaging drive.
The exterior design blends dynamic proportions with excellent aerodynamic performance, achieving a class-leading 0.26 drag coefficient. This contributes to efficient driving and a long range.
Within a 2,750mm wheelbase (110mm longer than the Toyota C-HR), the underfloor area has been made as flat as possible to minimise turbulence and energy loss. A variety of other measures contribute to a low drag performance on all versions.
The grille-less front face and an air duct in front of the wheels reduce turbulence and smooth air flow. Along the side of the vehicle, concealed rear door handles and aerodynamic wheel designs also support the car’s aero-efficiency.
A roof mounted spoiler and a distinctive ducktail rear end manage air flow away from the vehicle, with fins on the bottom of the rear bumper helping reduce air flow separation.
Several features reduce the impact of the air conditioning on driving range, without compromising comfort. The system uses heat pump that operates at high efficiency with low power usage. By taking thermal energy from outside air to heat the cabin, it uses less power than a standard system.
On cold days, heated front seats and a heated steering wheel – standard across all grades – help reduce reliance on the air conditioning system. They consume comparatively less power than the air conditioning system while still ensuring a comfortable temperature for driver and front passenger.
Stand-out, sleek exterior design
Grille-less face and Toyota’s signature hammerhead design
Distinctive coupe roofline with no compromise on rear headroom
The all-new Toyota C-HR+ has been styled to prompt an emotional reaction at first sight. It communicates agility and purpose from every angle, expressing a stylish modern look.
Its character is based on a strong, coupe-inspired silhouette. The sharply defined lines and sculpted surfaces create a sense of motion even at standstill, while the wide stance and low roofline give the car a sporty stance. The roofline is achieved without compromising headroom for rear seat passengers.
At the front, Toyota’s signature hammerhead design language is expressed through sleek LED headlamps and a clean, grille-less face, characteristic of battery electric vehicles.
Sharply defined character lines at the rear combine with a sleek light design to express an advanced image, while a low rear bumper emphasises the vehicle’s nimble handling.
The stand-out Metal Oxide and Mineral exterior colour options are available as a monotone finish or, on high grade models, a bi-tone combination with a contrasting black roof.
The 20-inch alloy wheels on higher grades are styled to emphasise sportiness and urban sophistication, ensuring the Toyota C-HR+ looks as confident in the city as it does on the open road.
An advanced and spacious interior
“Class above” interior space with generous headroom, front-rear distance and storage
Fully digital seven-inch driver’s combimeter and 14-inch multimedia screen
Premium and sustainable upholsteries
Roominess and all-round visibility help the Toyota C-HR+ stand out in terms of comfort and versatility, alongside technology features, connected services and high-quality materials which create a modern in-car environment.
The cabin provides more space than typically expected of a C-segment SUV, with generous headroom and a 900mm front-rear couple distance. This has been made possible by the 2,750mm wheelbase within an overall vehicle length of 4,520mm.
The load compartment provides 416 litres of storage, achieved thanks to a rear overhang extended by 50mm (compared to the Toyota C-HR). Different boot configuration options create smart storage solutions. The rear seats – divided 60:40 – can be easily folded flat, while an adjustable deck board offers underfloor storage when set to its highest level, or maximum boot space when installed lower down. On selected grades, a power tailgate comes as standard.
A streamlined interior creates an open, welcoming feel. Ambient lighting offers a choice of 64 different colours to create the right mood for any journey. It is not only visually striking but also enhances the perception of space within the cabin, particularly when paired with an optional panoramic roof.
For the driver, a high-resolution, seven-inch full graphic combimeter replaces traditional analogue gauges and features a crisp display that adapts to driving conditions and user preferences. It shows essential driving data, including speed, battery status, range, regenerative braking level and turn-by-turn navigation prompts. Its low-profile, simplified shape is located above the steering wheel, helping the driver keep their eyes focused on the road.
On high grade models, a heated front windscreen and powered driver’s seat with memory function are included in the specification.
Rear-seat occupants have access to air conditioning controls and two USB-C ports with a combined 60W of power, enough to charge larger devices such as laptop computers.
A range of different upholstery materials are offered, according to model grade, including synthetic leather, a suede-like trim, and fabric – all made using recycled PET materials. These sustainable choices help reduce CO₂ emissions while adding to the sporty and refined feel of the interior.
A six-speaker audio system delivers clear, balanced sound, while a JBL Premium Audio option features nine speakers, an 800W amplifier and a nine-inch subwoofer. It is engineered to provide a rich, immersive listening experience that complements the refinement of the all-electric powertrain.
Technologies for safety and connectivity
Toyota Safety Sense and advanced driving assistance features as standard
14-inch multimedia display and seamless mobile phone connectivity
A user-friendly BEV ecosystem via MyToyota app
The Toyota C-HR+’s advanced looks and powertrain are matched by the latest technologies for comprehensive safety, driver assistance and onboard connectivity. Driving is safer and easier with early detection of a wide range of accident hazards and automatic brake activation when needed, and steering and power control to help the driver avoid an impact.
The interior ambient lighting system contributes to safety by providing an additional warning linked to the car’s Safe Exit Assist, lighting the interior door handles red if it detects a risk of a door being opened into traffic approaching from the rear.
Other standard provisions include a Blind Spot Monitor, Adaptive High-beam System headlights and a Parking Support Brake. High grade vehicles gain Lane Change Assist, Front Cross Traffic Alert, Park Assist, and a Panoramic View Monitor.
The 14-inch multimedia digital display is centrally positioned and accessible to both driver and front passenger. Its intuitive interface controls the multimedia functions and cloud-based navigation.
The navigation includes Destination Assist, available through the Drive Connect subscription, which delivers up-to-date routing and real-time traffic data, helping drivers plan journeys with confidence.
Wireless Apple CarPlay and Android Auto enable seamless smartphone integration. A voice agent can be activated with a “Hey Toyota” prompt, enabling natural speech control of the car’s navigation, multimedia and climate functions.
Life is made even more simple and intuitive by the MyToyota app. This includes full connection to the Toyota HomeCharge domestic wallbox, so that owners can easily monitor, manage and control their charging via the app.
New features make it simpler to schedule smart charging for convenience and access to lower electricity tariffs, as well as giving customers the ability to view their billing history at-a-glance.
To replenish the battery away from home, the Toyota Charging Network provides seamless access to one of the largest pan-European EV charging networks, via the MyToyota app. It is now easier than ever to get started, with billing information displayed on the app.
A new feature gives an instant read-out of the vehicle’s state of charge on the user’s mobile device. For easy navigation to a charging point, the Send to Car function allows users to transmit a selected location from their phone directly to their car at the press of a button.
The MyToyota app also allows users to remotely activate the climate control, to heat or cool the cabin efficiently ahead of a journey, reducing the demand on air conditioning systems during the trip and thus potentially enhancing the driving range.
To further maximise range, a BEV coaching tool assesses previous journeys and offers advice on how to improve driving range and efficiency.
Ownership peace of mind
Customers, particularly those purchasing a BEV for the first time, can be assured the Toyota C-HR+ has all the Quality, Durability and Reliability attributes that are a hallmark of the Toyota brand.
In common with all Toyota’s new BEVs, it will come with Toyota’s Battery Care Program which covers the battery each year for up to 10 years of vehicle age or up to 650,000 miles/1,000,000km driven, subject to an annual battery health check**.
Market introduction
The all-new Toyota C-HR+ will be launched in the UK and across Europe in the fourth quarter of 2025.
*All performance data remain tentative prior to homologation.
** Toyota’s confidence in the quality of the battery is reflected in a guarantee it will retain at least 70 per cent of its capacity up to 10 years of vehicle age, covered by the original EV Manufacturing Warranty until eight years of vehicle age or 160,000 kilometres, and with the Battery Care Program up to 10 years of vehicle age or 1 million kilometres driven that is activated by an annual EV Health Check (T&Cs and local country conditions apply).
Toyota C-HR+ provisional technical specifications (tentative data prior to homologation)
DRIVETRAIN
57.7kWh
77kWh
Type
Permanent magnet, synchronous motor
Drivetrain
Front-wheel drive
Toyota system output (bhp/DIN hp/kW)
165/167/123
221/224/165
Motor torque (Nm)
268.6
BATTERY
57.7kWh
77kWh
Type
Lithium-ion
Number of cells
78
104
Rated voltage (V)
288.6
384.8
Capacity (gross, kWh)
57.7
77
PERFORMANCE
57.7kWh
77kWh
Max. speed (mph)
87
99
0-62mph acceleration (sec)
8.4
7.3
Driving range – WLTP, 18in wheels (miles)
283
378
Driving range – WLTP, 20in wheels (miles)
–
350
BRAKES
Type
Ventilated discs
EXTERIOR DIMENSIONS
Overall length (mm)
4,520
Overall width (mm)
1,870
Overall height (mm)
1,595
Wheelbase (mm)
2,750
Front track (mm)
1,605
Rear track (mm)
1,620
Min. running ground clearance (mm)
185
Turning radius – tyre (m)
5.5
Turning radius – body (m)
5.9
Tyre size – 18in
235/60R18
Tyre size – 20in
235/50R20
Wheel size – 18in
18 x 7.5
Wheel size – 20in
20 x 7.5
INTERIOR DIMENSIONS
Length (mm)
1,835
Width (mm)
1,502
Height
1,174 1,153 with panoramic roof
Load capacity, including beneath deck board, seats up, up to bottom of rear headrests (l)
