The threat actors that breached Nidec Corporation earlier in 2024 leaked the data they stole during the dark web attack, the company has confirmed.
In the announcement, the company explained that a threat actor stole valid VPN account credentials from a Nidec employee and used them to access a server containing sensitive information.
It’s important to note that this wasn’t a full-blown ransomware attack: no systems were encrypted during the attack. Instead, the threat actor stole as many files as possible and ran away.
8BASE and Everest
Nidec Corporation is a Japanese multinational company specializing in electric motor technology, producing a wide range of motors for applications such as automotive, industrial and household appliances.
In early June 2024, one of its subsidiaries, Nidec Precision, suffered a cyber attack.
Nidec Precision focuses on the design and production of precision components, particularly in the fields of robotics, electronics and industrial automation. This company is located in Vietnam.
Among the information stolen in the attack are 50,694 files, including internal documents, letters from business partners, documents related to green purchasing, occupational safety and health policies, business documents (purchase orders, invoices, receipts), contracts and more.
About two weeks after the incident, a ransomware threat actor called 8BASE claimed responsibility for the attack. The group said the organization had not disclosed the full extent of the compromised data and that it had a “vast amount” of confidential files. A month later, another threat actor named Everest leaked the stolen data.
According to BleepingComputerEverest is a threat actor that specializes in extortion negotiations, so it’s safe to assume that 8BASE handed the job to Everest after its efforts proved futile. Ultimately, no malicious actors were able to convince Nidec to pay up.
Via BleepingComputer