Ransomware attack in Japan, Darkweb report, June 30th – July 7th - This Week In Security
This week Koichi is back as editor for another round-up of the news. This time I chose these security topics: the Niconico/Kadokawa incident, JAXA, and other Japanese company cyber attack incidents; a new law of the Chinese government; and Google opening its dark web leakage report.
The largest information breach in the history of cybercrime in Japan
On June 8th, one of the most popular Japanese video sharing sites (similar to YouTube) had to be shut down because of a cyber attack. The attacker breached not only the video sharing site but the entire corporate group, including Kadokawa, a media conglomerate. The video streaming site needs more than a month to restart the service. All of the subscription services are stopped, but customers are still being charged (they cannot change or halt the subscription contract). To contain the cyber attack, Kadokawa's engineer even turned off the power to the data center. However, the incident was not over.
One gossip media outlet reported that Kadokawa was threatened by a ransomware group, "Black Suit", and was still being threatened that the group would leak more contract information and more “important” information on July 1st. The business was stopped for more than one month. The reputational and business impact is huge. On June 28th, Kadokawa apologized for the information leaks and disclosed the types of information confirmed to have leaked, which include personal information of company members and contracted artists. On July 1st, Black Suit leaked additional information on the dark web, as they had announced. On July 2nd, Kadokawa acknowledged this.
On July 3rd, it was announced that an information leak had occurred concerning KADOKAWA DWANGO GAKUEN, the online high school. On the same day, following an intensive investigation into the information leak by the task force and external specialist organizations, the types of information identified as highly likely to have leaked externally were announced.
This incident was the first cybercrime in Japan’s criminal history to completely shut down a major company’s business. The incident raised public awareness of the threat of cybercrime and ransomware.
Source: https://xtech.nikkei.com/atcl/nxt/column/18/00001/09422/ , Hackers behind Kadokawa cyberattack claim new info leak
More cyber attacks against Japanese companies
JAXA's case
On June 21, the Japan Aerospace Exploration Agency (JAXA, similar to NASA in the US) announced that it had been attacked four times (from 2023 to 2024) by cyber crime groups, and that many classified documents may have been leaked. The leaked information includes personal information of officers, employees, and temporary staff. The VPN equipment used by its members was the cause of the breach. People are worried that this leak might threaten joint projects with other countries. The cyber-attacks may have resulted in unauthorized access to documents and other information covered by non-disclosure agreements that JAXA has signed with external companies and other parties.
Source: Japan’s Space Agency Was Hit by Multiple Cyberattacks, but Officials Say No Sensitive Data Was Taken
ISETO's case
ISETO, a printing service company, was attacked by a ransomware group, and the damage is spreading to its contractors. So far, it has been found that at least nearly 1.5 million records of personal data, including information on citizens and companies, may have been leaked. The ransomware group encrypted multiple servers and PCs and held them for ransom.
According to several security companies, in June a group of hackers calling themselves '8Base' published a statement claiming the attack and disclosed the data they claimed to have stolen.
8Base is also known to use phishing emails as a starting point for attacks, and to infiltrate networks by stealing access rights. It eventually infects the network with ransomware, a ransom-type computer virus, and encrypts the data.
Source: https://www3.nhk.or.jp/news/html/20240705/k10014502531000.html
NTT DATA's case
On July 3rd, NTT DATA, a Japanese multinational information technology (IT) service and consulting company, announced that its Romanian base had been cyber-attacked. Unauthorized access to its "nttdata.ro" domain took place on June 14, and the company denied that the attack was a ransomware attack. NTT DATA also announced that the attacked domain handles only information on business operations at its Romanian base, and that the attack is unlikely to affect customers in Japan. The company will report again if new information becomes available as the analysis progresses.
However, a hacker group announced that it had breached NTT DATA's Romania branch and stolen 230 GB of strategic data, and it is threatening to publish the stolen data in the coming days.
Source: Major Romanian IT Company Reportedly Hit By Cyber Attack. NTT DATA Romania: “No Ransomware Attack”
My Thoughts
In the last few years, there has been an increase in ransomware attacks and cyber-attacks that seem to have understood the value of the data inside. I guess it is because of the development of generative AI, which made it possible for non-native Japanese speakers to read internal Japanese documents.
Google dark web monitoring report will be free for all users
Google has announced that the 'Dark Web Report' feature of its paid membership plan, Google One, will be offered free of charge to all Google account holders. The 'Dark Web Report' is a feature that allows users to easily check whether their personal information is being traded on the dark web. Data on the dark web is checked against the name, address, telephone number, email address, Social Security Number (SSN), username, and password added to the user's profile, and if there has been a breach of information, a report with recommendations on how to protect personal information is emailed.
Source: Google's dark web monitoring service will soon be free for all users