News

Cyber attacks shake Japanese automotive supply chain

LAST EDITED:
PUBLISHED:

Blackpanda incident response and digital forensics analysts continue to monitor a series of critical attacks against Japan's automotive industry.

Blackpanda incident response and digital forensics analysts continue to monitor a series of critical attacks against Japan's automotive industry. The Toyota Group ecosystem not only represents a core pillar of the global economy, but comprises nearly 60,000 companies across tier one through four partners. In early March 2022, the international group Denso, one of Toyota’s tier-1 providers, confirmed a ransomware attack against its core operations in Germany. 

This attack was purportedly carried out by the Pandora group, which we believe might be a reincarnation of the Rook ransomware group  listed Denso as a potential victim in 2021. This warning could be addressed with proper threat intelligence that monitors and alerts any time your domain is mentioned across the deep web. The criminal gang is now threatening to release 1.4 terabytes of critical information, including purchase orders, customer and corporate communications and intellectual property including designs and drawings. This comes just weeks after an attack on Kojima industries, another tier one supplier to Toyota. 

During the five days that this purchase ordering system was out, Toyota had to close down 14 of its local production facilities. The attack also impacted the supply chain and operations of two other manufacturers. Although we cannot confirm at this point whether this is part of a coordinated campaign against the Toyota group, Blackpanda would encourage all manufacturers and suppliers in the region and across the automotive supply chain to continue monitoring their systems and remain vigilant. 

This attack should serve as a reminder that critical data needs to be backed up and kept offline. In the event of a ransomware attack, you need to ensure that you have tested your backups for integrity, and that you can restore systems to operational efficiency. 

We also encourage companies to seek out compromise assessment services, as these can help them assess whether their existing systems have been compromised. Additionally, we highly recommend that every business checks with their operating partners that the correct access controls and permissions are in place across these organisations. 

If you believe that your organisation may be experiencing a cyber breach, contact Blackpanda immediately for prompt incident response.

News
Novice

Related articles

React & Respond

How to respond to ransomware

How your company can protect itself from ransomware and what to do in the event of an attack. ​

News

Unveiling Blackpanda’s Revamped Brand

The Blackpanda brand has undergone a revamp to bring it in-line with our stated mission to democratise cyber resilience. Tech-driven and hyper-focused on cyber incident response, our refreshed brand represents Blackpanda better than ever before.

Protect & Defend

Karma ransomware rapid evolution

Initially discovered at the end of June 2021, Karma ransomware is a relatively new malware. Researchers from SentinelOne found that the individual developer, known by the name ‘Eugene’, is rapidly updating Karma and continuously adapting it to cutting edge ransomware techniques. There is a strong possibility that affected companies have paid the requested ransoms, based on the lack of comment activity from Karma Site_admin on dark web forums.

View all

Sign Up to Our Newsletter

Our weekly Asia Cyber Summary is a snappy, non-technical overview of regional cyber security news that helps you stay informed. Test it today, you can always unsubscribe. 

Let’s talk
Blog
Novice