Cyber Incident Victim: Wacoal Co., Ltd.
Date: Feb 2022
Location: Japan
Summary
A Wacoal subsidiary experienced an Emotet malware infection affecting internal systems, leading to unauthorized emails impersonating company employees being sent to external parties. The fraudulent messages displayed legitimate employee names but originated from non-corporate email domains, often containing password-protected ZIP attachments or malicious links that risked further malware infections or unauthorized access if opened. The incident prompted public advisories about identifying suspicious communications based on domain mismatches and cautioned against interacting with attachments or embedded URLs.
Description
On February 7, 2022, Wacoal Co., Ltd. publicly disclosed a cybersecurity incident involving Emotet malware infections affecting some of its internal computers. The company confirmed that unauthorized actors leveraged these compromised systems to send fraudulent emails impersonating Wacoal Group employees to multiple external recipients. These malicious communications displayed legitimate employee names in sender fields but used non-corporate email domains distinct from Wacoal's authentic addresses (such as *****@wacoal.co.jp). The suspicious emails frequently contained password-protected ZIP file attachments, with decryption credentials embedded within message bodies—a known Emotet distribution tactic. Wacoal warned that interacting with these attachments or embedded links risked further malware infections or unauthorized system access. The company acknowledged the incident caused concern among customers and business partners, issuing a formal apology for the inconvenience and anxiety stemming from the event.

Wacoal responded by publishing identification guidelines to help recipients recognize fraudulent communications, emphasizing domain name discrepancies between displayed sender names and actual email addresses. The firm urged recipients to delete suspicious emails entirely without opening attachments or clicking links, particularly those with ZIP files requiring passwords provided within messages. While the initial disclosure occurred on February 7, Wacoal updated its public notice three days later on February 10, though the nature of these updates remains unspecified in available materials. The company's communications focused exclusively on the phishing campaign's distribution mechanism rather than detailing any data exfiltration, operational disruption, or financial impacts resulting from the Emotet infections. No information was provided regarding infection vectors, the number of affected systems, containment procedures, or forensic investigation outcomes beyond the confirmation of initial compromise and subsequent malicious email activity.
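The two warning signs in the guidelines above can be checked mechanically: an employee's name displayed on a non-corporate address, and a ZIP attachment whose password is given in the same message. The following is an added Python example, not taken from Wacoal's notice; the employee name, external domain, keyword list and helper names are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

CORPORATE_DOMAIN = "wacoal.co.jp"  # the legitimate domain named in the notice
# Assumption: words suggesting the ZIP password is supplied in the body.
PASSWORD_HINT = re.compile(r"password|パスワード", re.IGNORECASE)

def triage(raw, employee_names):
    """Return the warning signs present in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Sign 1: employee name displayed, but the address is not corporate.
    if display.strip().lower() in employee_names and domain != CORPORATE_DOMAIN:
        findings.append("name/domain mismatch")
    has_zip = any((part.get_filename() or "").lower().endswith(".zip")
                  for part in msg.iter_attachments())
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    # Sign 2: ZIP attachment whose password travels in the same message.
    if has_zip and PASSWORD_HINT.search(text):
        findings.append("zip with password in body")
    return findings

def sample(from_header, body, zip_name=None):
    """Build a constructed test message (not taken from the incident)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_header, "partner@example.com", "Re: order"
    m.set_content(body)
    if zip_name:
        m.add_attachment(b"PK\x03\x04", maintype="application",
                         subtype="zip", filename=zip_name)
    return m.as_string()

if __name__ == "__main__":
    names = {"taro yamada"}  # hypothetical employee directory
    spoofed = sample("Taro Yamada <t.yamada@mail.example.net>",
                     "Please see the attached file. Password: 4821", "doc.zip")
    genuine = sample("Taro Yamada <t.yamada@wacoal.co.jp>", "Minutes below.")
    print(triage(spoofed, names))
    print(triage(genuine, names))
```

The domain comparison is an exact match, so any legitimate subdomains or partner domains would need to be added to the check before use.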
