Taiyo Kogyo Co., Ltd. Hit by 8Base Ransomware Attack, Sensitive Data Exposed
Incident Date:
June 21, 2024
Overview
Title
Taiyo Kogyo Co., Ltd. Hit by 8Base Ransomware Attack, Sensitive Data Exposed
Victim
Taiyo Kogyo Co., Ltd.
Attacker
8base
Location
First Reported
June 21, 2024
Ransomware Attack on Taiyo Kogyo Co., Ltd. by 8Base Group
Company Profile: Taiyo Kogyo Co., Ltd.
Taiyo Kogyo Co., Ltd., a leader in the design and manufacture of membrane structures, has been a significant player in the construction and civil engineering sectors. Specializing in large-scale projects like the Tokyo Dome, the company utilizes advanced materials such as PTFE coated fiberglass and PVC coated polyester to create innovative and functional structures. Employing over 200 individuals, Taiyo Kogyo is noted for its commitment to quality and customer satisfaction, which has established its reputation in the Japanese steel industry.
Details of the Ransomware Attack
On June 21, 2024, Taiyo Kogyo fell victim to a ransomware attack orchestrated by the 8Base group. This breach resulted in the exposure of a vast array of sensitive data, including accounting documents, personal data, and employment contracts. The attack not only encrypted the company’s files but also involved the theft of data, with threats of public release if the ransom demands were not met, showcasing the double-extortion tactic employed by 8Base.
Profile of the 8Base Ransomware Group
The 8Base group, active since April 2022, has quickly gained notoriety for its aggressive ransomware campaigns targeting various sectors. Known for their use of the Phobos ransomware variant, 8Base has been involved in numerous attacks, often utilizing phishing emails, exploit kits, and drive-by downloads to breach their targets’ security measures. Their approach aims to leverage the stolen data to exert additional pressure on the victims to comply with their ransom demands.
Potential Vulnerabilities and Entry Points
The specific vulnerabilities that were exploited in the attack on Taiyo Kogyo are not detailed, but the methods employed by 8Base in the past suggest possible phishing or exploitation of software vulnerabilities. Given the company’s extensive digital footprint due to its significant online presence and the nature of its business involving large-scale data and project management, these factors might have made them an attractive target for the ransomware group.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.