
Cyber Incident Victim: Tescom Denki Co., Ltd.

Date: Feb 2022

Location: Japan

Summary

Tescom Denki experienced a cybersecurity incident involving an employee's computer infected with Emotet malware, leading to unauthorized access and theft of internal and external contact data including names, email addresses, and email subjects. Attackers exploited stolen information to send fraudulent emails impersonating company employees, which contained malicious ZIP attachments capable of deploying malware or enabling unauthorized access if opened. The organization confirmed the compromise of its mail server and advised recipients to verify sender addresses, warning that legitimate emails only originate from specific domains. The company apologized for the incident, initiated investigations to prevent further spread, and committed to strengthening its information security measures.

CIA Posture: Available to members
Motives: 0 motives
Tactics, Techniques & Procedures: 2 techniques
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On or around February 3, 2022, Tescom Denki Co., Ltd. discovered a cybersecurity incident involving malware identified as Emotet on an employee's computer within their corporate group. The malware compromised the company's email server, resulting in the theft of email-related data including sender and recipient names, email addresses, and message subject lines belonging to both internal and external parties. Attackers leveraged this stolen data to send fraudulent emails impersonating Tescom employees to multiple recipients. These malicious emails contained encrypted ZIP file attachments harboring malware, posing risks of further infection or unauthorized access if opened. The company confirmed the unauthorized extraction of personal information from the affected computer and acknowledged the circulation of spoofed communications.


Tescom issued a public apology on February 4, 2022, detailing characteristics of the suspicious emails to aid identification: discrepancies between the displayed sender name and the actual email address, use of non-official domains instead of legitimate "@tescom-japan.co.jp" addresses, and the presence of malware-laden attachments. The company urged recipients to delete such emails without opening attachments or clicking embedded links. Tescom initiated an investigation to establish the full scope of the incident, prevent secondary damage, and curb further dissemination of fraudulent messages. The company committed to strengthening its information security measures while continuing to assess the breach's ramifications, which included confirmed data exposure and potential operational disruptions stemming from the email system compromise. No specific details regarding the number of affected individuals or additional attacker methodologies were disclosed in the initial advisory.
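The three indicators the advisory lists (a display name at odds with the actual sender address, a sender domain other than the official one, and a password-protected ZIP attachment) can be checked mechanically at a mail gateway or in a triage script. The Python below is an added example, not code from Tescom or from this page's source: the official-domain set is taken from the advisory, while the sample message, its addresses and the ZIP contents are constructed placeholders. The ZIP check reads only the archive directory's flag bits and never extracts or opens an attachment.

```python
from __future__ import annotations

import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# The advisory states that legitimate mail comes only from this domain.
OFFICIAL_DOMAINS = {"tescom-japan.co.jp"}

# Matches an e-mail address embedded in a display name and captures its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has general-purpose flag bit 0 (encryption) set.

    Only the central directory is parsed; no member is ever extracted.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def analyze_message(raw: bytes) -> list[str]:
    """Return the advisory's indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: list[str] = []

    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

    # Indicator 1: the real sender domain is not an official company domain.
    if domain not in OFFICIAL_DOMAINS:
        findings.append(f"sender domain '{domain or '<none>'}' is not an official company domain")

    # Indicator 2: the display name shows an address at a different domain.
    m = ADDR_IN_NAME.search(display)
    if m and m.group(1).lower() != domain:
        findings.append(f"display name claims '{m.group(1)}' but the address is at '{domain}'")

    # Indicator 3: ZIP attachment, with password protection called out separately.
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            kind = "password-protected ZIP" if zip_is_encrypted(payload) else "ZIP archive"
            findings.append(f"attachment '{name}' is a {kind}")
    return findings


# --- constructed sample data (placeholders, not material from the incident) ---

def make_zip(encrypted: bool) -> bytes:
    """Build a tiny ZIP; optionally mark its entry as encrypted by setting flag bit 0."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.doc", b"constructed placeholder content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # The flag field sits at offset 6 of the local file header and at
        # offset 8 of the central-directory entry; bit 0 marks encryption.
        data[data.find(b"PK\x03\x04") + 6] |= 0x1
        data[data.find(b"PK\x01\x02") + 8] |= 0x1
    return bytes(data)


def build_sample(spoofed: bool = True, encrypted_zip: bool = True) -> bytes:
    """Constructed message; the spoofed variant mimics the advisory's indicators."""
    msg = EmailMessage()
    if spoofed:
        # Display name shows an official-looking address; the real address is elsewhere.
        msg["From"] = '"staff@tescom-japan.co.jp" <staff@mailer.example>'
    else:
        msg["From"] = "Staff Member <staff@tescom-japan.co.jp>"
    msg["To"] = "partner@partner.example"
    msg["Subject"] = "Re: previous correspondence"
    msg.set_content("Please see the attached file.")
    if spoofed:
        msg.add_attachment(make_zip(encrypted_zip), maintype="application",
                           subtype="zip", filename="document.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in (("spoofed", build_sample()), ("legitimate", build_sample(spoofed=False))):
        print(label, analyze_message(raw) or ["no indicators"])
```

In practice the domain allowlist would be loaded from configuration and the findings fed to a quarantine decision; the point of the example is that each indicator in the advisory maps to a header or archive-metadata check that needs no attachment to be opened.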

Sources
Sources available to members
1 source