This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using his computer at their office in Dongguan, China's southern Guangdong province. - From a small, dingy office tucked away in an industrial city in southern China, one of China's last "volunteer hacker" groups maintains a final outpost in its patriotic hacking war. (Photo by NICOLAS ASFOURI / AFP) / TO GO WITH China-hacking-security,FOCUS by Laurie Chen / The erroneous mention[s] appearing in the metadata of this photo by NICOLAS ASFOURI has been modified in AFP systems in the following, we removed the HOLD HOLD HOLD in the main caption.   Please immediately remove the erroneous mention[s] from all your online services and delete it (them) from your servers. If you have been authorized by AFP to distribute it (them) to third parties, please ensure that the same actions are carried out by them. Failure to promptly comply with these instructions will entail liability on your part for any continued or post notification usage. Therefore we thank you very much for all your attention and prompt action. We are sorry for the inconvenience this notification may cause and remain at your disposal for any further information you may require. (Photo by NICOLAS ASFOURI/AFP via Getty Images)
The anatomy of a ransomware attack
04:04 - Source: CNNBusiness

Toyota Motor will restart domestic production from Wednesday after a cyberattack on a supplier ground the automaking giant’s factories to a one-day halt, sparking concerns about vulnerability in Japan Inc’s supply chain.

No information was available about who was behind the attack, nor the motive. It came just after Japan joined Western allies in clamping down on Russia in response to the invasion of Ukraine, although it was unclear whether the attack was related.

Cybersecurity has emerged as a key area of concern in Japan, where government critics say responses to hacking threats have been hampered by a fractured approach: an attack on a hitherto obscure supplier was enough to bring one of the world’s mightiest manufacturers to a domestic standstill.

Toyota’s (TM) production lines will be switched back on at its 14 factories across the country on Wednesday, it said in a statement. Tuesday’s suspension hit output of around 13,000 vehicles.

Kojima Industries, which provides plastic parts and electronic components to the automaker, said it had discovered an error at one of its file servers on Saturday night. After rebooting the server, it confirmed it had been infected with a virus, and found a threatening message, it said in a separate statement.

The message was written in English, a Kojima spokesperson told Reuters, but declined to give further details.

The system failure at Kojima meant the supplier was unable to ship parts, forcing Toyota (TM), which does not stockpile components at its plants, to pause production, a Toyota (TM) spokesperson said.

Top tier

Government ministers said they were following the incident closely. While big companies have cybersecurity measures in place, the government is worried about small or mid-level subcontractors, the industry minister, Koichi Hagiuda, told reporters on Tuesday.

Reports of the powerful malware Emotet being used have increased since the first week of February, according to the Japan Computer Emergency Response Team/Coordination Center, which provides information on cybersecurity.

Emotet is used to gain access to a victim’s computer before then downloading additional malicious software, such as those designed to steal banking passwords, or ransomware which can lock a computer until an extortion fee is paid.

It was not clear whether Emotet was used on the Toyota supplier. Toyota declined to comment on whether it had detected early signs of a potential cyberattack or whether Emotet was responsible for paralysing its operation.