Date: Nov 2022

Location: Japan

Summary

A Japanese company experienced unauthorized server access resulting in potential exposure of customer personal information, including names, company details, contact information, and order histories. The intrusion involved ransomware ("LOCKBIT2.0") that encrypted internal data, with attackers exploiting security vulnerabilities in internet-facing systems. While forensic investigations found no evidence of data exfiltration or subsequent misuse, the organization acknowledged an inability to definitively rule out information leakage. Response measures included immediate network isolation, collaboration with cybersecurity experts, server restoration from backups, and implementation of enhanced protections like upgraded antivirus software, access monitoring systems, and certificate-based external access controls. Authorities and affected individuals were notified following the investigation.

Description

On November 5, 2022, an employee in KKS Ltd.'s general affairs department discovered an anomaly while attempting to access files on company servers, finding them inaccessible. Subsequent checks revealed multiple servers displaying "LOCKBIT2.0" indicators, confirming unauthorized third-party access. The company immediately severed external network connections to prevent further spread and established an incident response team that same day. With assistance from external cybersecurity experts, KKS initiated investigations to determine the scope of compromised servers, infection vectors, and data recovery options. Initial analysis confirmed unauthorized intrusion into multiple servers containing customer email communications, parts shipment records, and personal information, with data encryption observed across affected systems.

Forensic investigations revealed that the attackers likely exploited vulnerabilities in internet-facing security defenses to gain entry, though no conclusive evidence of data exfiltration was identified. The potentially compromised personal data included names, company affiliations (company name, address, phone number, email), order histories, shipment details, and some customers' private residential addresses and phone numbers for individuals who had exchanged business cards or placed orders between April 1, 2018, and November 4, 2022.

KKS implemented vulnerability patches, deployed enhanced antivirus software, installed unauthorized access monitoring systems, and enforced certificate-based external access controls across all servers to strengthen its security posture. All affected systems were restored using backup data, and mandatory breach notifications were submitted to the Personal Information Protection Commission and local police authorities. Customer notifications commenced on January 30, 2023, supported by dedicated inquiry channels. The company also reinforced employee security training and infrastructure safeguards to prevent recurrence; no instances of information misuse had been confirmed at the time of reporting.
