Fraud Management & Cybercrime , Operational Technology (OT) , Ransomware
BlackCat Ransomware Group Targets Japanese Watchmaker Seiko
Seiko Hints at Data Breach But Declines to Address BlackCat’s ClaimsThe BlackCat group on Monday claimed responsibility for a ransomware attack on Japanese watchmaker Seiko, publishing samples of stolen data files as proof of its exploit.
See Also: OnDemand I Protecting your ICS Environment From Ransomware
The ransomware group published screenshots of files stolen from the Japanese watchmaker, stating that "all 13 trusts have been locked" less than two weeks after the company announced a data security incident had occurred.
Seiko Group Corp. announced earlier this month that it had detected unauthorized users accessing some of its servers. The company initiated an investigation with assistance from a cybersecurity vendor and determined on Aug. 2 that some of the information stored in the compromised servers had been leaked.
The 142-year-old watchmaking giant, which reported net sales of $1.7 billion in the financial year ending March 2023, said its investigation into the data security incident is in progress and any additional findings will be announced in due course.
The BlackCat group has so far not shared details about the data it said it stole from Seiko's servers or whether it has given the company a deadline to pay a ransom.
The incident reflects a rise in attacks targeting Japanese entities, particularly in the manufacturing sector. Threat intelligence company Rapid7 in June said Japan's $1 trillion manufacturing industry is a prime target for ransomware and state-sponsored threats, and nearly one-third of all ransomware victims belong to the automotive and general manufacturing sectors (see: Cybercriminals Zero In on Japan's Manufacturing Sector).
The company's principal security analyst, Paul Prudhomme, said ransomware gangs have succeeded in their extortion demands because automotive and manufacturing organizations have a lower tolerance for disruptions and downtime.
In early July, the Russian LockBit 3.0 group targeted the Port of Nagoya, Japan's largest cargo hub, disrupting shipments of Toyota auto parts containers for two days. The major shipping and transportation hub between Tokyo and Kyoto is the birthplace of Toyota Motor Corp. (see: Japanese Port Reopens After Russian Ransomware Group Attack).
The FBI said BlackCat leverages previously compromised user credentials to gain initial access to the victim's system and then compromises Active Directory user and administrator accounts.