Cyber Incident Victim: Wacoal Group
Date: Feb 2022
Location: Japan
Summary
A company's internal computers were infected by the Emotet malware, enabling attackers to distribute fraudulent emails impersonating its employees. These messages displayed legitimate employee names but used non-corporate email domains, often containing password-protected ZIP attachments or malicious URLs in the body. Opening such attachments or clicking links risked further malware infections or unauthorized system access. The incident prompted warnings about verifying sender addresses and avoiding interaction with suspicious messages.
Description
On February 7, 2022, Wacoal Group disclosed a cybersecurity incident involving the Emotet malware compromising some of its computer systems. The company confirmed that infected devices generated fraudulent emails impersonating Wacoal employees, which were distributed to multiple external recipients. These messages displayed legitimate employee names in the sender field but used non-Wacoal email domains in the address—a key identifier distinguishing them from authentic corporate communications. The malicious emails frequently contained password-protected ZIP file attachments, with corresponding passwords embedded directly in the message bodies. This technique aimed to bypass basic email security filters while creating a false sense of legitimacy for recipients. Wacoal specifically warned that interacting with these attachments or clicking embedded links could trigger malware installation or unauthorized system access. The company updated its initial disclosure on February 10, though the nature of these updates wasn't detailed in the public notice.

The incident prompted Wacoal to issue specific guidance for identifying fraudulent communications, emphasizing domain name verification (@wacoal.co.jp or affiliated domains for legitimate messages). They confirmed observing spoofed emails using entirely external email providers in the address field despite displaying employee names. While the company didn't quantify the number of impacted accounts or recipients, it acknowledged the potential for operational disruption and reputational harm through its public apology to customers and business partners. No evidence suggested customer data exfiltration in the disclosure. Wacoal's response focused on containment through employee system disinfection and public awareness—urging recipients to delete suspicious emails unopened rather than interacting with attachments or links. The firm supplemented its advisory with examples of fraudulent email templates observed during the incident to aid visual identification by stakeholders.
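
The identifiers described above (an employee display name on a non-Wacoal address, and an encrypted ZIP whose password sits in the message body) can be checked mechanically during mail triage. The following Python is an added example, not code from Wacoal or from this incident record. Only `wacoal.co.jp` comes from the page; the employee name, keyword list and sample message are constructed.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# wacoal.co.jp is the domain named on the page; affiliated domains would be
# added by the defender. The employee name and keywords are constructed.
CORPORATE_DOMAINS = {"wacoal.co.jp"}
EMPLOYEE_NAMES = {"taro yamada"}
PASSWORD_WORDS = ("password", "\u30d1\u30b9\u30ef\u30fc\u30c9")  # katakana "password"

def is_corporate(domain):
    # Exact or subdomain match, so wacoal.co.jp.freemail.example does not pass.
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in CORPORATE_DOMAINS)

def zip_is_encrypted(data):
    # ZIP local file header: signature (4 bytes), version (2), flags (2).
    # Bit 0 of the general-purpose flags marks an encrypted entry.
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    return bool(struct.unpack("<H", data[6:8])[0] & 0x1)

def triage(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    findings = []
    if name.strip().lower() in EMPLOYEE_NAMES and not is_corporate(addr.rpartition("@")[2]):
        findings.append("employee-name-external-domain")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    for part in msg.iter_attachments():
        if zip_is_encrypted(part.get_payload(decode=True) or b""):
            findings.append("encrypted-zip")
            if any(w in text for w in PASSWORD_WORDS):
                findings.append("password-in-body")
    return findings

def build_sample(from_header):
    # Constructed message; the attachment is only a ZIP header stub with the
    # encryption bit set, not a real archive.
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "recipient@example.org"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached file. Password: 1234")
    stub = b"PK\x03\x04" + b"\x14\x00" + b"\x01\x00" + b"\x00" * 22
    m.add_attachment(stub, maintype="application", subtype="zip", filename="doc.zip")
    return m.as_bytes()
```

A message from a genuine corporate address that carries an encrypted ZIP still returns the ZIP findings, since a content filter cannot inspect the archive either way.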
