Cyber Incident Victim: Auroko
Date: Jun 2022
Location: Japan
Summary
The Atsugishi Fishery Cooperative Association's mail-order site, Auroko, experienced a malware attack involving Emotet, potentially compromising customer information stored in email communications. The malware infected a computer used by the direct sales store, leading to possible unauthorized access to emails containing names, addresses, telephone numbers, and email addresses of customers. The cooperative suspended the mail order site following the incident and conducted an investigation to assess the scope of the breach. No definitive confirmation of data exfiltration was provided, but the association acknowledged the risk of external leakage due to the malware's presence. Operations were temporarily halted while recovery efforts were underway.
Description
The Atsugishi Fishery Cooperative Association disclosed a malware incident affecting its mail-order store, Auroko, involving potential unauthorized access to customer information. In June, the cooperative identified that one computer utilized by the direct sales store had been infected with Emotet malware, leading to concerns that email data stored on the terminal might have been exfiltrated. The compromised data included emails exchanged between the store and customers, containing names, addresses, telephone numbers, and email addresses. The cooperative did not specify the exact number of affected individuals but confirmed the breach involved both messages sent by the store to customers and customer inquiries. The malware’s presence disrupted operations, prompting the temporary closure of the mail-order site.

Upon detecting the infection, the cooperative isolated the compromised terminal to prevent further spread and initiated an internal investigation. The organization did not disclose whether external cybersecurity experts were engaged but confirmed the incident was reported to relevant authorities. The mail-order site remained offline for remediation and was scheduled to resume operations on August 12. The cooperative acknowledged the possibility of data leakage but did not provide evidence confirming actual misuse of the information. No ransomware demands or explicit attacker motives were mentioned in the disclosure. Recovery efforts focused on restoring system functionality and ensuring security before reopening the service to customers.
