An unknown cybercriminal group has attacked Kojima.

Incident Date:

January 28, 2022

World map



An unknown cybercriminal group has attacked Kojima.


Kojima Industries




Aichi-ken, Japan

, Japan

First Reported

January 28, 2022

Cyberattack on Toyota Motor's Supplier Halts Production

A cyberattack on Toyota Motor's supplier, Kojima Industries, halted production for a day. Kojima, a plastic parts and electronic components manufacturer that supplies Toyota, said it discovered an error on one of its file servers on February 26th, 2022. The attack suspended Toyota's operations for all of March 1st, 2022, impacting around 13,000 vehicles, as Kojima was not able to ship parts. The incident impacted 14 Japanese factories.

The Attack and Its Implications

While it is unclear what ransomware group attacked Kojima, the use of the powerful Emotet malware reportedly increased in the first week of February, suggesting that it may have been used. Emotet was a sophisticated and highly destructive malware that first emerged in 2014 as a banking Trojan. Over time, it evolved into a powerful botnet and became one of the most prevalent and dangerous malware strains worldwide. Its primary goal was to steal sensitive information, such as banking credentials, and enable other malicious activities, including the distribution of additional malware.

How Emotet Operates

Emotet operated primarily through spam email campaigns, using social engineering techniques to trick users into opening infected attachments or clicking on malicious links. These emails often appeared to be legitimate, mimicking trusted organizations or individuals. Once a user interacted with the malicious content, Emotet would infect the victim's system and establish persistence, making it challenging to detect and remove. The malware used various techniques to propagate within a network, such as brute-forcing weak passwords, exploiting vulnerabilities, and spreading laterally by compromising other devices. Emotet's modular structure allowed it to download and install additional payloads, such as banking Trojans, ransomware, or other malware, depending on the attacker's objectives.

International Efforts Against Emotet

A coordinated international task force dubbed "Operation Ladybird" attempted to combat Emotet in January 2021. The effort disrupted infrastructure supporting Emotet, effectively disabling its command-and-control servers and disrupting its operations. While the task force significantly reduced Emotet's prevalence, it reappeared in early 2022.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.