Cyber Incident Victim: Seiko Instruments Inc.
Date: Jul 2023
Location: Japan
Summary
The AlphV/Black Cat ransomware gang claimed responsibility for a cyberattack against Japanese watchmaker Seiko, sharing screenshots of stolen data including spreadsheets and presentations. The company confirmed unauthorized access to at least one server, engaged external cybersecurity experts to investigate, and determined that information stored by the organization or its group companies may have been compromised. While verifying the exact nature of the impacted data, the firm is working to prevent further damage and secure systems against recurrence. Customers and partners were alerted to potential suspicious communications originating from the breach and advised to exercise extreme caution with such messages to avoid secondary harm.
Description
On July 28, 2023, Seiko Group Corporation detected a potential data breach involving unauthorized access to at least one of its servers. The company, which reported annual revenues exceeding $1.7 billion from sales of watches, clocks, electronic devices, semiconductors, and optical products, initiated an external cybersecurity investigation on August 2 to assess the compromise. By August 10, Seiko confirmed it was "reasonably certain" that a breach had occurred and that information stored by the company or its group subsidiaries may have been exposed. While the exact nature of the compromised data remained under investigation, the AlphV/Black Cat ransomware gang publicly claimed responsibility for the attack on August 21, 2023, sharing screenshots of stolen materials including spreadsheets and presentations. This group, linked by experts to the Darkside operation that attacked Colonial Pipeline, has conducted numerous high-profile ransomware campaigns in 2023 against entities like Estée Lauder, Reddit, and NCR. Seiko's investigation focused on verifying the scope of data stored on affected servers, with promises to disclose specifics upon completion. The company alerted customers and partners to monitor for suspicious communications purporting to originate from Seiko email addresses, advising extreme caution about clicking links or opening files in such messages.

Seiko engaged external cybersecurity specialists to contain the breach, prevent further damage, and fortify systems against recurrence, though technical specifics of the intrusion vector were not disclosed. The company established dedicated contact channels through its General Affairs Department for breach-related inquiries, emphasizing organizational collaboration with experts to secure infrastructure. This incident occurred amid rising ransomware attacks against Japanese corporations, as noted by NTT cybersecurity strategist Mihoko Matsubara, who referenced recent breaches at pharmaceutical firm Eisai and zipper manufacturer YKK within the preceding three months. Matsubara highlighted cascading sectoral risks exemplified by the July 2023 ransomware attack on the Port of Nagoya, Japan's largest maritime hub. Seiko's public communications avoided confirming AlphV/Black Cat's involvement but acknowledged potential data compromise across group entities, maintaining that verification efforts would dictate subsequent disclosures. The company reiterated warnings for stakeholders to exercise heightened vigilance against malicious emails leveraging Seiko's identity, advising staff to avoid interacting with suspicious content. No ransomware payment demands or operational disruptions were detailed in available statements, with the focus remaining on forensic analysis and stakeholder notification protocols.
