Japan’s Aflac, KDDI, Sapporo, and Nidec Hit by Four Cyberattacks Targeting Subsidiaries and Third-Party Infrastructure


In a concerning trend, four significant cyberattacks reported in Japan within a two-week span have highlighted a shift in tactics among cybercriminals. Rather than targeting corporate headquarters directly, attackers have increasingly gained access through subsidiaries and third-party infrastructure. This pattern raises alarms across various industries, including insurance, telecommunications, brewing, and manufacturing, as organizations grapple with an expanding attack surface that extends beyond their primary networks.

Aflac Japan Breach Exposes Customer Data

On June 30, Aflac Japan disclosed that its operations were compromised between June 15 and June 25, affecting approximately 4.38 million customers and agents. The breach included sensitive records, such as bank account information used for insurance premium payments. Aflac confirmed that the incident was confined to its Japanese operations and did not impact its U.S. business.

While the company has not attributed the attack to a specific threat actor, the tactics employed bear resemblance to social engineering techniques associated with the group known as Scattered Spider. This incident underscores the vulnerabilities that can arise when attackers exploit indirect access points within an organization.

KDDI Incident Impacts Millions Through Shared Platform

Telecommunications provider KDDI reported unauthorized access involving an email platform utilized by multiple Japanese internet service providers. The breach stemmed from a vulnerability in third-party software, potentially exposing up to 14.22 million email account records across six ISPs. This incident illustrates how a single vulnerability within shared infrastructure can have far-reaching consequences, affecting multiple organizations simultaneously.

Sapporo Holdings and Nidec Hit Through Overseas Subsidiaries

Sapporo Holdings reported suspected unauthorized access involving two overseas subsidiaries: Singapore-based Pokka and Canadian brewer Sleeman. The company detected suspicious activity, shut down affected systems, and initiated an investigation to ascertain whether any data had been accessed or stolen.

In a separate incident, manufacturing company Nidec confirmed a ransomware attack targeting its Taiwanese subsidiary, Nidec Chaun Choung Technology. The BlackField ransomware group claimed responsibility for the attack, alleging it had stolen over two terabytes of company data, including employee, financial, procurement, manufacturing, legal, and IT records. The group reportedly demanded a ransom of $2 million.

A Shared Pattern Across the Japan Cyberattacks

Despite the varied industries and attack methods involved, the four cyberattacks in Japan share a common pattern in where the compromise occurred. Aflac’s breach was limited to its Japanese operations, while KDDI’s exposure originated from a shared email platform reliant on vulnerable third-party software. Sapporo’s investigation focuses on overseas subsidiaries, and Nidec’s ransomware incident impacted its Taiwan-based operation rather than its headquarters.

These cases suggest a growing trend where attackers are increasingly targeting subsidiaries, shared services, overseas business units, and technology partners, rather than attempting to breach an organization’s primary corporate network.

Growing Risks Across the Extended Enterprise

The incidents underscore the necessity of treating subsidiaries and external partners as integral components of an organization’s overall security perimeter. Organizations that depend on overseas offices, acquired businesses, vendors, or shared platforms may inherit additional cybersecurity risks if these environments are not secured to the same standards as corporate headquarters.

The KDDI incident exemplifies how third-party dependencies can significantly amplify the scale of a breach. Meanwhile, the Nidec cyberattack highlights the ongoing trend of ransomware groups combining data theft with extortion demands. The tactics observed in the Aflac incident further reinforce the effectiveness of social engineering as an initial access method.

While investigations into these incidents continue, the recent disclosures highlight a broader trend: as enterprise environments become increasingly interconnected, subsidiaries, shared infrastructure, and external technology providers are becoming attractive targets for attackers seeking indirect access to larger organizations.

For further insights into these developments, visit thecyberexpress.com.
