Nidec Corporation, a leading Japanese tech company, has disclosed that it was targeted by a ransomware attack earlier this year, during which hackers stole sensitive data and later leaked it on the dark web. The attackers attempted to extort Nidec, but after their demands were refused, they published the stolen data.
Key Details:
Nature of the Attack: Unlike typical ransomware attacks, this incident did not involve file encryption, and Nidec has stated that the situation is now fully remediated.
Potential Risks: The company warns that leaked information could be exploited in more targeted phishing attacks against Nidec’s employees, contractors, and associates.
Global Presence: Nidec Corporation is a major player in the manufacturing sector, specializing in precision motors, automotive components, industrial parts, home appliance parts, and robotic systems.
Scale of Operations: The company operates in 40 countries worldwide, employs around 120,000 people, and generates over $11 billion in annual revenue.
Despite the resolution of the immediate threat, Nidec is advising all stakeholders to remain vigilant against potential phishing attempts that might arise from the exposed data.
Nidec Precision breach
The cyberattack that targeted Nidec Corporation specifically breached its Nidec Precision division based in Vietnam, which focuses on manufacturing optical, electronic, and mechanical equipment for the photography industry. According to the findings from an internal investigation—still ongoing—the attackers gained access using valid VPN credentials belonging to a Nidec employee. This allowed them to infiltrate a server containing sensitive information.
Key Actions Taken:
- Entry Point Secured: The company promptly closed the vulnerability that allowed the breach.
- Enhanced Security Measures: Additional security protocols were implemented based on recommendations from external cybersecurity experts.
- Employee Training: Nidec has initiated training programs for its employees to help them identify and reduce risks associated with cyber threats.
These proactive measures aim to bolster Nidec’s defenses against future cyberattacks while educating its workforce on best practices for cybersecurity.
The ongoing investigation into the cyberattack on Nidec Corporation’s Precision division has uncovered that the attackers stole a total of 50,694 files. The stolen data includes a variety of sensitive documents, such as:
- Internal documents
- Letters from business partners
- Documents related to green procurement
- Labor safety and health policies (covering both business operations and the supply chain)
- Business documents (including purchase orders, invoices, and receipts)
- Contracts
Nidec has stated that it will directly notify all business partners affected by the breach to ensure transparency and address any potential concerns stemming from the compromised data.
8BASE and Everest gangs claim attacks
The 8BASE ransomware gang claimed responsibility for a cyberattack on Nidec on June 18, 2024, alleging that it had stolen data from the company’s systems as early as June 3, 2024. 8BASE claimed to possess not only the sensitive information confirmed by Nidec’s investigation but also additional personal data and a significant amount of confidential information.
In July, Nidec publicly acknowledged that it had experienced a ransomware attack, though it did not specify the responsible group at the time, identifying the affected division as Nidec Instruments.
On August 8, another ransomware group, Everest, which is notorious for obtaining stolen data from other cybercriminals to carry out fresh extortion attempts, published data allegedly belonging to Nidec. Nidec’s latest announcement states that the first contact from the threat actors occurred on August 5, indicating that the communication likely originated from the Everest ransomware gang.
This sequence of events suggests that the attack involved multiple threat actors, with 8BASE initially breaching Nidec’s systems and Everest later attempting to capitalize on the stolen data.