Japanese watchmaker Seiko struck by BlackCat/ ALPHV ransomware attack

Japanese watchmaker Seiko Group Corp. has been struck by a ransomware attack, with the BlackCat/ALPHV ransomware gang claiming responsibility.

The attack, officially described as a data breach, was disclosed by Seiko on Aug. 10 and is said to have taken place on July 28. According to Seiko, an unidentified party or parties gained unauthorized access to at least one of its servers. The company hired external cybersecurity experts who confirmed that a breach had taken place.

The statement from Seiko notes that the company is verifying the exact nature of the information that was stored on the impacted servers and would provide more information when available, though that was nearly two weeks ago.

Exactly what was stolen has emerged on the dark web leak site for the ALPHV ransomware group. According to a statement on its site published this morning, the group has obtained a long list of internal documents, including watch blueprints and designs, sales reports, invoices, employee emails, employee personal data, contracts and audits.

BlackCat/ALHPV claims that since the company refused to negotiate a payment with them, it’s now starting to publish the stolen data.

“All the data belonging to Seiko Group Corporation will be released for free download in closest future in case if we will not make an agreement with their management or we will not met an offer from buyers which we will not be able to refuse,” the group wrote.

Of the initial documents shared, some are in Japanese, but others show what appears to be blueprints and pictures of watch designs, the first page of a 2007 agreement between Seiko and Barclays Bank PLC, and a copy of someone’s passport for good measure.

The publication of a small tranche of stolen documents is typical of modern ransomware groups attempting to force a company to make a ransom payment to stop the further release of the stolen documents. The amount being demanded from Seiko was not disclosed by the group.

BlackCat/ALPHV was previously in the news in June when it targeted Casepoint Inc., a legal discovery technology company. The group was also in the news in April when it targeted retail point-of-sale and automatic teller machine technology company NCR Corp. However, those are but a handful of its claimed victims, since the group’s leak site lists many more.

James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE that BlackCat/ALPHV allegedly gained access to Seiko via initial access brokers, buying exposed credentials or tokens that allowed them to compromise the target.

“Organizations must have or implement several technologies to improve defenses against this attack vector,” McQuiggan warns. “They want to ensure that all internet-facing assets like RDP, VPNs, email and web applications are consistently updated and hardened, as this is the standard attack vector with available credentials.”

Images: Bing Image Creator, ALPHV