Attacks share same patterns
Instead of directly disrupting corporate headquarters, hackers gained access via third-party infrastructure, subsidiaries, and overseas operations.
The impacted organizations are Nidec, KDDI, Aflac Japan, and Sapporo Holdings. While the attacks involved different contexts, the incidents hint towards an increasing attack surface that expands well beyond a company’s primary network.
About KDDI incident
KDDI, a telecommunications provider, reported illegal access to an email platform used by various Japanese internet service providers.
KDDI reported the incident surfaced from a bug in third-party software, revealing around 14.22 million email account records throughout six ISPs.
The attack shows how a single bug inside shared infrastructure can impact various organizations continuously.
Aflac Japan incident
On June 30, Aflac Japan revealed that between June 15 and June 25, hackers gained access to its Japanese operations. The company claims that some 4.38 million clients and agents were impacted, and a portion of the documents included bank account details used to pay insurance premiums.
According to the insurance, the incident only affected its company in Japan and had no bearing on its operations in the United States.
The alleged tactics are similar to social engineering strategies previously linked to Scattered Spider, even though the business has not linked the attack to any particular threat organization.
Sapporo Holdings and Nidec incident
Sapporo Holdings revealed possible illegal access involving two foreign subsidiaries, Canadian brewer Sleeman and Singapore-based Pokka. After identifying suspicious activity, the company shut down the impacted systems and started an investigation to find out if any data had been taken or accessed.
Nidec, a manufacturing company, has revealed that its Taiwanese subsidiary, Nidec Chaun Choung Technology, was the subject of a ransomware attack.
More than two gigabytes of firm data, including personnel, financial, procurement, manufacturing, legal, and IT information, were allegedly taken by the BlackField ransomware organization, which claimed responsibility for the attack. A $2 million ransom was allegedly demanded by the organization.
Read the original article:
