Japan Archives - ICSSTRIVE

Toyota T-Connect Source Code Exposed on Github for 5 Years

September 15, 2022

Toyota Motor Corporation customers’ personal information may have been exposed after an access key was publicly available on GitHub for almost five years. The T-Connect site source code was mistakenly published on GitHub. The code contained an access key to the data server that stored customer email addresses and management numbers.

Toyota T-Connect is the automaker’s official connectivity app that allows owners of Toyota cars to link their smartphone with the vehicle’s infotainment system.

Toyota Databreach for Ten Years Exposes Car Location Data of over 2M Customers

April 17, 2023

Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. “It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to manage had been made public due to misconfiguration of the cloud environment,” reads the notice (machine translated). No customers are believed to be at risk of criminals tracking down a user’s car, as they would be difficult to track without knowing a target vehicle’s VIN.

This incident exposed the information of customers who used Toyota’s in-car smart service T-Connect for voice assistance, customer service support, car status and management, and on-road emergency help between January 2, 2012, and April 17, 2023.

Japanese Bicycle Manufacturer Shimano hit by Lockbit Gang

November 3, 2023

World-leading bicycle part manufacturer Shimano has suffered a major cyber attack. 4.5 terabytes of sensitive data breached including employee passport data, financial documents and confidential diagrams.

LockBit gave Shimano a 5 November deadline to pay ransom, to which it appears Shimano refused to pay, as the hacking group has listed the company’s data as published. Shimano is yet to issue a statement on the breach, but responding to media inquiries, the company said: “This is an internal matter at Shimano, and we cannot comment on anything at this time.”

Medusa Ransomware Gang Demands $8M Ransom from Toyota

November 16, 2023

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. The Medusa ransomware gang listed TFS to its data leak site on the dark web, demanding a payment of $8,000,000 to delete data allegedly stolen from the Japanese company. The threat actors gave Toyota 10 days to respond, with the option to extend the deadline for $10,000 per day. While Toyota Finance did not confirm if data was stolen in the attack, the threat actors claim to have exfiltrated files and threatened that the data will be leaked if a ransom is not paid.

Akira and Blackbyte both claim Cyberattack at Yamaha Music Equipment Manufacturer

June 14, 2023

Yamaha’s Canadian music division confirmed that it recently dealt with a cyberattack after two different ransomware groups claimed to have attacked the company. On June 14, the company was posted on the Black Byte ransomware gang’s list of victims, according to cybersecurity expert Dominic Alvieri. But on Friday, Yamaha appeared on the leak site of the Akira ransomware group.

Yamaha Canada Music said the attack “led to unauthorized access and data theft.” “In response, we swiftly implemented measures to contain the attack .. to prevent significant damage or malware infiltration into our network.” The company did not respond to requests for comment about whether the incident involved ransomware.

“Yamaha Canada has been notifying affected individuals, and we are offering credit monitoring services to those at risk of potential harm

Lockbit Attacks US Networks of Largest Zipper Manufacturer in Japan

June 6, 2023

Japanese zipper giant YKK confirmed that its U.S. operations were targeted by hackers in recent weeks but said it was able to contain the threat before damage was caused. The Tokyo-based corporation would not say if it was hit with ransomware, but a spokesperson told Recorded Future News that once YKK discovered that its U.S.-based networks were targeted, the cybersecurity team “contained the threat before significant damage was done or sensitive information was exfiltrated.”

“The incident did not have a material impact on our operations or our ability to continue to serve our customers,” said Jessica Kennett Cork, vice president of corporate communications at YKK Corporation of America.

Seiko Suffers Ransomware Attack

July 28, 2023

Seiko Group Corporation confirmed it suffered a data breach July 28 and is apparently a victim of a ransomware attack, according to a Monday post on an attack group’s website.
Seiko, a watchmaker with 12,000 employees and an annual revenue over $1.5 billion, said in an advisory: “It appears that some as-yet-unidentified party or parties gained unauthorized access to at least one of our servers. Subsequently, on August 2nd, we commissioned a team of external cybersecurity experts to investigate and assess the situation.
“As a result, we are now reasonably certain that there was a breach and that some information stored by our company and/or our group companies may have been compromised.

Hacktivists Take Down Multiple Japanese Government Websites

September 6, 2022

A pro-Russia hacker group has claimed to be involved in attacks on Japanese government and company websites.

The DDoS attack on the e-Gov website shut down the site for a few hours on Sept. 6. It then became inaccessible again around noon on Sept. 7 until early morning, Sept. 9. The e-Gov website allows users to request disclosure of administrative documents and provides information on laws and regulations. The site receives about 7.8 million hits a day.

In addition, between Sept. 6 and 9, the attacks made 23 government websites temporarily inaccessible. These sites belonged to the Digital Agency, the Internal Affairs and Communications Ministry, the Education, Culture, Sports, Science and Technology Ministry and the Imperial Household Agency. Some sites of credit card business JCB Co. were inaccessible, while websites of social media company mixi, Inc. were also hard to access.

On September 6, 2022, the website of the Nagoya Port Authority was unreachable for about 40 minutes.

Container Processing Halted at The Port of Nagoya

July 4, 2023

The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack. The attack occurred around 6:30AM on July 4. A notice was issued reporting a malfunction in the “Nagoya Port Unified Terminal System” (NUTS), the central system controlling all container terminals in the port.

The attack held up shipments of Toyota auto parts containers for two days, but the port reopened Thursday morning.
All container loading and unloading operations at the terminals using trailers were canceled, causing massive financial losses to the port and severe disruption to the circulation of goods to and from Japan. LockBit 3.0 was confirmed as the attacker.

Eisai Pharma Takes Systems Offline After Ransomware Attack

June 3, 2023

Japanese pharma group Eisai Co., Ltd. says it is battling a ransomware attack that was launched on June 3. This resulted in some of its servers becoming encrypted. The attack affected servers both within and outside Japan, and resulted in some of the group’s IT functions, including logistics systems, being taken off line.

For now, it says the corporate websites and email services remain operational, and there’s no clear indication yet whether sensitive data has been leaked. “Eisai Group is working closely with external experts and law enforcement in an effort to protect its systems and to make a successful recovery.”

“Any potential impact of this incident on the consolidated earnings forecast of this fiscal year is currently under careful examination,” it said.

At the time of writing, it’s not clear if the attack is linked to the other recent data hacks of Cl0p ransomware gang.

« Older Entries