Fujikura Global, LockBit Ransomware Group’s Latest Victim


Hacker group LockBit 3.0 has claimed Fujikura Global, the Japanese manufacturer of electrical and electronic products company, as its victim

In their latest post, the threat actor claimed to have breached the corporate headquarters of the Japanese company and infiltrated each of its far-flung outposts around the world.  

The hacker group claims that the compromised data consists of a staggering 718GB of confidential and critical information pilfered from the company’s digital infrastructure.  

The purloined data encompasses a vast array of valuable assets, such as financial records, internal reports, certificates, correspondence, extensive internal documentation, tables, employee personal information, and much more. 

LockBit 3.0 and Fujikura Global: What could be compromised? 

The threat actors have also shared a deadline for the ransom to be paid by the company.  According to the threat actor’s post, the deadline for paying the ransom amount is February 20, 2023, 02:42:20 UTC. 

 The group also shared its plans to negotiate with the company and has invited Fujikura Global to discuss the ransom amount. The contents of the stolen data consist of the following documents.  

  1. Product Reports with Problem Checking 
  2.  HR reports by year and month 
  3. Sales invoices, objectives, sales results, balance sheets 
  4. Reports and presentations to reduce costs. Financial statements of subsidiaries. 
  5. Hazard Identification and Risk Assessment Production or Production 
  6. Sales Accounting 
  7. NDA_(Non Disclosure Agreement) 
  8. Environmental Reports on Emissions, Pollution. Financial statements. employee training matrix 
  9. Audit of export security controls, with signatures 
  10. Report on commission payments in $ and ¥ 
  11. Evaluation of suppliers: delivery, efficiency, costs. 
  12. CAR Control Record(Internal) 
  13. Acceptance of goods or parts 

At the time of writing, 20D 19h 07m 10s was the deadline before the data is published on dark web forums.  

Fujikura Global

Fujikura Ltd., a leader in the electrical equipment industry, traces its roots back to 1885 when founder Zenpachi Fujikura began producing insulated winding wires made of silk and cotton.

A decade later, in 1910, Fujikura Electric Wire Corporation was established with Tomekichi Fujikura, Zenpachi’s younger brother, at the helm.  

From its global headquarters in Tokyo, Fujikura Ltd. reigns as a leader in the electrical equipment industry. The company crafts cutting-edge power and telecommunication systems, pushing the limits of innovation by developing and manufacturing products like optical fiber devices such as cutters and splicers. 

Over the years, the company has grown to become a global presence in Europe, Asia, North and South America, and North Africa.

In 2014, the company received an order for special large core fibers from Tokyo University to be used at the Subaru Telescope in Mauna Kea, Hawaii. 

LockBit 3.0: Mode of operation

LockBit 3.0, also known as LockBit Black, is a ransomware strain from the LockBit ransomware family. First discovered in September 2019, it’s a self-spreading ransomware targeting organizations with the ability to pay large ransoms.

Discovered in late 2022, this new version too encrypts and exfiltrates files on infected devices and demands ransom for their return.

“A reverse-engineering analysis of the LockBit functionality shows that the ransomware has carried over most of its functionality from LockBit 2.0 and adopted new behaviors that make it more difficult to analyze by researchers,” said a Sophos report on the new version.

“For instance, in some cases it now requires the affiliate to use a 32-character ‘password’ in the command line of the ransomware binary when launched, or else it won’t run, though not all the samples we looked at required the password.”

The typical attack process for LockBit 3.0 involves infecting the victim’s device, encrypting files with a key “-pass”, using multiple threads for faster encryption, deleting certain services, and using an API to access the service control manager database.

The victim’s wallpaper is changed, and if the ransom isn’t paid, the data may be sold on the dark web. Currently, LockBit 3.0 is known for exploiting Windows Defender to deploy Cobalt Strike, a penetration testing tool, and causing a chain of malware infections.

“LockBit operates as a RaaS model, where they will work with affiliates who may not already have the resources for creating and deploying attacks. In this situation, a percentage of the ransom would go back to the affiliated hacker,” said a U.S. Department of Health & Human Services alert in December 2022.





Source link