Threat Actor: External Criminal Group | External Criminal Group
Victim: Nidec Precision Vietnam Corporation | Nidec Precision Vietnam Corporation
Price: Ransom demanded (not disclosed)
Exfiltrated Data Type: Internal documents, business transaction-related documents, contracts, etc.
Key Points :
- Incident occurred on August 5, 2024, involving unauthorized access to NPCV’s network.
- Approximately 50,694 files were compromised, including sensitive internal documents and contracts.
- Attackers demanded ransom for the stolen data, which was disclosed on a dark web site after refusal to pay.
- Access was gained through illegally acquired IDs and passwords of NPCV’s general domain accounts.
- Nidec Precision is enhancing security measures and working with external organizations to prevent future incidents.
- Company urges vigilance against suspicious emails related to the incident.
Nidec Precision Corporation, a leading manufacturer of precision motors and components, recently announced details of a security incident that impacted its Vietnam subsidiary, Nidec Precision Vietnam Corporation (NPCV). The incident, which occurred on August 5, 2024, involved unauthorized access to NPCV’s network by an external criminal group.
In a statement released on October 17, Nidec Precision confirmed that the attackers “stole documents and files in NPCV’s server, and which demanded ransom in exchange for them.” Following the company’s refusal to pay the ransom, the attackers disclosed the stolen data on a dark web site.
The company’s investigation revealed that approximately 50,694 files were compromised, including “NPCV’s internal documents, letters from our business partners, documents related to green procurement, labor safety and hygiene policies (work, supply chain, etc.), business transaction-related documents (order forms, invoices, receipts, etc.), and contracts among others.”
Nidec Precision believes the attackers gained access by illegally acquiring “the IDs and passwords of users of NPCV’s general domain accounts.” The company has taken steps to mitigate the damage, including “scanning all electronic terminals, resetting passwords, and reviewing the access authority to the server, at all of Nidec Precision’s group companies.“
While the company has not yet identified any secondary damage from the incident, they urge vigilance, stating, “If you receive any suspicious email, etc. sent by, for example, someone falsely representing Nidec Precision’s business group or claiming the Incident’s attacker, please make sure not to open the message, or access the URL, etc. in it.“
Nidec Precision is committed to enhancing its security posture and is working with external security organizations and legal counsel to prevent future incidents. The company plans to “launch such actions as enhancing our security system, reeducating our employees, and launching preventive measures, to build a business environment about which our business partners can feel safe and secure.”
Related Posts:
Original Source: https://securityonline.info/nidec-precision-corporation-discloses-security-incident-and-data-leak/