Casio, the renowned Japanese electronics manufacturer, has confirmed that the cyber incident reported earlier this week was the result of a ransomware attack. The breach, which occurred on October 5, compromised sensitive information belonging to employees, customers, and business partners, along with data from affiliates and contractors.
In an updated statement, Casio revealed that the attack damaged several servers, which were subsequently rendered unusable. The hackers gained access to data stored on these systems, prompting the company to shut down the affected servers and bring in third-party security experts to investigate and mitigate the damage.
Casio formed a dedicated task force to restore the compromised systems and has involved local authorities, including the Japanese police and Japan’s Personal Information Protection Commission, which were notified on October 6 and 7, respectively. Early findings suggest that personal information belonging to temporary and contract workers, employees of affiliated companies, former job applicants, and some customers was leaked. However, Casio confirmed that no customer credit card information was compromised.
Details about the stolen data remain limited, but the company did disclose that sensitive documents, including contracts, invoices, human resource data, and technical information, may have been accessed. Legal documents and audit information related to both current and former business partners were also part of the leak.
Casio urged affected individuals to remain vigilant for phishing or spam emails that could exploit the stolen information. The company also requested that the stolen data not be shared on social media, as doing so could amplify the harm to those affected and facilitate further criminal activity.
The ransomware group behind the attack, identified as the “Underground” gang, claimed responsibility on October 12. The group, which reportedly emerged in July 2023, claimed to have stolen nearly 205 GB of data from Casio. Samples of the stolen information were shared as proof of the breach’s legitimacy.
Cybersecurity researchers believe the Underground gang may be linked to the RomCom cybercrime group, a Russia-based entity known for ransomware and extortion operations. Microsoft had previously reported that RomCom deploys the same backdoor malware used in this attack and is involved in credential-gathering campaigns likely linked to intelligence efforts. They noted significant similarities between Underground’s ransomware and the Industrial Spy ransomware, suggesting a possible rebranding of the same operation.
The incident is a reminder of the growing sophistication of cybercriminals and the wide-reaching impacts these attacks can have on businesses and their stakeholders across the globe.

