An unknown cybercriminal group has attacked Kojima.

Incident Date: Jan 28, 2022

Attack Overview
Victim: Kojima Industries
Industry: Manufacturing
Location: Japan
Attacker: Unknown
First reported: January 28, 2022

Cyberattack on Toyota Motor's Supplier Halts Production

A cyberattack on Toyota Motor's supplier, Kojima Industries, halted production for a day. Kojima, a plastic parts and electronic components manufacturer that supplies Toyota, said it discovered an error on one of its file servers on February 26th, 2022. The attack suspended Toyota's operations for all of March 1st, 2022, impacting around 13,000 vehicles, as Kojima was not able to ship parts. The incident impacted 14 Japanese factories.

The Attack and Its Implications

While it is unclear which ransomware group attacked Kojima, the use of the powerful Emotet malware reportedly increased in the first week of February, suggesting that it may have been used. Emotet was a sophisticated and highly destructive malware that first emerged in 2014 as a banking Trojan. Over time, it evolved into a powerful botnet and became one of the most prevalent and dangerous malware strains worldwide. Its primary goal was to steal sensitive information, such as banking credentials, and enable other malicious activities, including the distribution of additional malware.

How Emotet Operates

Emotet operated primarily through spam email campaigns, using social engineering techniques to trick users into opening infected attachments or clicking on malicious links. These emails often appeared to be legitimate, mimicking trusted organizations or individuals. Once a user interacted with the malicious content, Emotet would infect the victim's system and establish persistence, making it challenging to detect and remove. The malware used various techniques to propagate within a network, such as brute-forcing weak passwords, exploiting vulnerabilities, and spreading laterally by compromising other devices. Emotet's modular structure allowed it to download and install additional payloads, such as banking Trojans, ransomware, or other malware, depending on the attacker's objectives.

International Efforts Against Emotet

A coordinated international task force dubbed "Operation Ladybird" attempted to combat Emotet in January 2021. The effort disrupted infrastructure supporting Emotet, effectively disabling its command-and-control servers and disrupting its operations. While the task force significantly reduced Emotet's prevalence, it reappeared in early 2022.
