Blackpanda incident response and digital forensics analysts continue to monitor a series of critical attacks against Japan's automotive industry. The Toyota Group ecosystem not only represents a core pillar of the global economy, but is comprised of nearly 60,000 companies across tier one through four partners. In early March 2022, the international group Denso, one of Toyota’s tier-1 providers, confirmed a ransomware attack against its core operations in Germany.
This attack was purportedly carried out by the Pandora group, which we believe might be a reincarnation of the Rook ransomware group that listed Denso as a potential victim in 2021. A warning like this can be acted on with proper threat intelligence that monitors the deep web and alerts you any time your domain is mentioned. The criminal gang is now threatening to release 1.4 terabytes of critical information, including purchase orders, customer and corporate communications, and intellectual property such as designs and drawings. This comes just weeks after an attack on Kojima Industries, another tier one supplier to Toyota.
During the five days that this purchase ordering system was out, Toyota had to close down 14 of its local production facilities. The attack also impacted the supply chain and operations of two other manufacturers. Although we cannot confirm at this point whether this is part of a coordinated campaign against the Toyota Group, Blackpanda encourages all manufacturers and suppliers in the region and across the automotive supply chain to continue monitoring their systems and remain vigilant.
This attack should serve as a reminder that critical data needs to be backed up and kept offline. In the event of a ransomware attack, you need to ensure that you have tested your backups for integrity, and that you can restore systems to operational efficiency.
We also encourage companies to seek out compromise assessment services, which can help them determine whether their existing systems have been compromised. Additionally, we highly recommend that every business check with its operating partners that the correct access controls and permissions are in place across these organizations.
If you believe that your organization may be experiencing a cyber breach, contact Blackpanda immediately for prompt incident response.