Tag Archive for: Japanese

Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack

/in


Japanese watchmaking giant Seiko has confirmed that the ransomware attack discovered a few months ago resulted in a data breach affecting customers, business partners, and employees.

Seiko revealed on August 10 that it had identified a possible data breach in late July. The company said at the time that hackers had gained access to at least one server and its investigation showed that some information may have been compromised.   

Roughly ten days later, the ransomware group known as BlackCat and ALPHV took credit for the attack and started leaking files taken from Seiko after the company refused to respond to its extortion attempts. 

The cybercrime group claimed to have stolen over 2Tb worth of files, including employee information, production technology details, video and audio recordings of management meetings, emails, and copies of passports belonging to employees and foreign visitors. 

At the time, they threatened to leak or sell the data unless their demands were met, and in mid-September they made all the information public on their Tor-based leak website. 

Seiko released another statement on the incident on Wednesday, confirming that a total of roughly 60,000 personal data records associated with Seiko Group Corporation (SGC), Seiko Watch Corporation (SWC), and Seiko Instruments Inc. (SII) were compromised.

According to Seiko, compromised data includes SWC customer information, including names, addresses, phone numbers, and email addresses. The company says payment card information was not stolen. 

In addition, the attackers stole SGC, SWC, and SII business partner information such as name, job title, company affiliation, and company contact details.

Advertisement. Scroll to continue reading.

The names and contact information of current and former employees, as well as job applicants, was also stolen by the ransomware group. 

“As part of our ongoing response, we temporarily blocked external communication with the affected servers and have installed EDR (Endpoint Detection and Response) systems on all servers and PCs to detect unauthorized activity. We have also implemented measures such as multi-factor authentication to prevent further breaches,” Seiko…

Source…

Japanese watchmaker Seiko struck by BlackCat/ ALPHV ransomware attack

/in


Japanese watchmaker Seiko Group Corp. has been struck by a ransomware attack, with the BlackCat/ALPHV ransomware gang claiming responsibility.

The attack, officially described as a data breach, was disclosed by Seiko on Aug. 10 and is said to have taken place on July 28. According to Seiko, an unidentified party or parties gained unauthorized access to at least one of its servers. The company hired external cybersecurity experts who confirmed that a breach had taken place.

The statement from Seiko notes that the company is verifying the exact nature of the information that was stored on the impacted servers and would provide more information when available, though that was nearly two weeks ago.

Screenshot of the ALPHV leaks site

Exactly what was stolen has emerged on the dark web leak site for the ALPHV ransomware group. According to a statement on its site published this morning, the group has obtained a long list of internal documents, including watch blueprints and designs, sales reports, invoices, employee emails, employee personal data, contracts and audits.

BlackCat/ALHPV claims that since the company refused to negotiate a payment with them, it’s now starting to publish the stolen data.

“All the data belonging to Seiko Group Corporation will be released for free download in closest future in case if we will not make an agreement with their management or we will not met an offer from buyers which we will not be able to refuse,” the group wrote.

Of the initial documents shared, some are in Japanese, but others show what appears to be blueprints and pictures of watch designs, the first page of a 2007 agreement between Seiko and Barclays Bank PLC, and a copy of someone’s passport for good measure.

The publication of a small tranche of stolen documents is typical of modern ransomware groups attempting to force a company to make a ransom payment to stop the further release of the stolen documents. The amount being demanded from Seiko was not disclosed by the group.

BlackCat/ALPHV was previously in the news in June when it targeted Casepoint Inc., a legal discovery technology company. The group was also in the news in April when it targeted retail…

Source…

Lockbit 3.0 Claims Credit for Ransomware Attack on Japanese Port

/in


After a ransomware attack shuttered operations at container terminals at the Port of Nagoya in Japan, the Lockbit 3.0 ransomware gang claimed responsibility and demanded the port pay up.

The attack on the port, which is responsible for 10% of the country’s cargo trade and is used by companies like Toyota Motor Corporation, was attacked on July 4, 2023, forcing the suspension of all container trailer operations, according to a notice from the Nagoya Harbor port authority.

The port authority said at the time it was working tirelessly to get the Nagoya Port Unified Terminal System (NUTS) back up and restart operations quickly. While authorities did not name perpetrator in the attack, Lockbit 3.0 eventually claimed credit.

“This incident at the Port of Nagoya highlights the serious vulnerabilities that critical infrastructure faces in the digital age,” said Craig Jones, vice president of security operations at Ontinue.

“Ransomware attacks are a growing concern for both private corporations and public entities, and this case underscores the potential for significant disruption to essential services and supply chains,” said Jones. “It’s clear that such attacks not only pose security risks but also can have considerable economic impacts.”

He added that since “the Port of Nagoya is Japan’s busiest port, handling approximately one-tenth of the country’s total trade volume, the effects of this disruption are likely to be far-reaching and could possibly ripple through the global economy.”

It could also have resounding and profound effects on a supply chain already marked by unprecedented disruption. “The impact may be especially significant considering the current global supply chain issues already exacerbated by the COVID-19 pandemic,” Jones said.

The security community is well-acquainted with Lockbit 3.0, the pro-Russian cybercriminal gang that said it was behind the attack on the port. “Lockbit 3.0, also known as Lockbit Black, represents a new era of ransomware sophistication. The Cybersecurity and Infrastructure Security Agency (CISA) previously warned about its modular and evasive nature, drawing similarities with other notorious ransomware variants such as…

Source…

Japanese automotive hose maker Nichirin hit by ransomware attack

/in


TOKYO, June 22 (Reuters) – Japanese automotive hose maker Nichirin Co. (5184.T) on Wednesday said that a U.S. subsidiary had been hit by a ransomware attack forcing it shut down its computerised production controls.

The U.S. unit, which supplies hoses to Japanese carmakers, has switched to manual production and shipping in order to keep parts flowing to customers, it said in a media release.

“We are investigating what impact this may have on our customers, and we will promptly disclose any necessary information,” the company said.

Nichirin also posted a warning on its website about possible spoof emails that appeared to be from the company and asked recipients not to open any attached files.

Register now for FREE unlimited access to Reuters.com

Reporting by Tim Kelly; editing by Jason Neely

Our Standards: The Thomson Reuters Trust Principles.

Source…