Seiko Breach


On 21 August 2023, a known ransomware group started publishing data allegedly stolen from the systems of Japanese watchmaking company Seiko (https://www.seikowatches.com). Seiko revealed on 10 August 2023 that it had identified a possible data breach on 28 July 2023, with someone gaining access to at least one server. An investigation showed that some information may have been compromised. “The Company and all our Group companies kindly ask our customers and business partners to contact us immediately if you receive any suspicious or unusual emails or notifications from us,” the Seiko spokesman said.[1]

The ransomware group BlackCat, also known as ALPHV, has now taken credit for the attack. It started leaking files taken from Seiko systems after the victim refused to respond to its extortion attempts.

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing Ransomware-as-a-Service (RaaS) gig economy. It stands out for its unconventional programming language (Rust), the multiple devices it can target, its range of possible entry points, and its affiliation with prolific threat activity groups. While BlackCat’s arrival and execution vary based on the actors deploying it, the outcome is the same: target data is encrypted, exfiltrated, and used for “double extortion,” where attackers threaten to release the stolen data to the public if the ransom is not paid.

First observed in November 2021, BlackCat made headlines because it was one of the first ransomware families written in the Rust programming language. By using a modern language for its payload, this ransomware attempts to evade detection, especially by conventional security solutions that might still be catching up in their ability to analyze and parse binaries written in such a language. BlackCat can also target multiple devices and operating systems. Microsoft has observed successful attacks against Windows and Linux devices and VMware instances.

 

See:  https://redskyalliance.org/xindustry/blackcat-is-no-nice-kitty

The cybercriminals claim to have stolen 2 TB worth of files, including employee information, production technology details, video and audio recordings of management meetings, emails, and copies of passports belonging to employees and foreign visitors. 

The ransomware group has published screenshots demonstrating that they have obtained contracts and other corporate documents, confidential technical documents, passport copies, and emails.  One screenshot shows they still had access to Seiko's email systems on 14 August 2023.

The hackers are threatening to either sell or leak the information stolen from Seiko if the company refuses to meet their demands.  The BlackCat group has targeted several major companies in the past year, including Australian law firm HWL Ebsworth, Reddit, Canadian Constellation Software, and US payments giant NCR.

 

[1] https://www.securityweek.com/ransomware-group-starts-leaking-data-from-japanese-watchmaking-giant-seiko/
