MINO INDUSTRY CO., LTD.
Mino Industries Co., Ltd. hereby provides an update regarding the ransomware cyberattack previously reported in our third notice dated October 21.
Our latest investigation has found significant changes from our prior findings, and we’ve made necessary corrections. Specifically, regarding the data leakage, our earlier assessment indicated only “traces of minimal data transmission.” We have now identified “traces of substantial data transmission.”
As a result, we have confirmed that certain customer and personal information held by our company was leaked externally.
We sincerely apologize once again for any considerable inconvenience we may have caused to our customers, business partners, and all parties concerned.
We hereby present the findings identified through our latest investigation. (Corrections and newly confirmed information since the third report are indicated in red.)
Overview of the Cyberattack
- October 1 (Wed) 19:31
Unauthorized access to our internal network via misuse of an employee VPN account.
(This was not due to VPN device vulnerabilities, but rather the illicit use of a legitimate ID and password.)
- October 1 (Wed) 20:32
Exploitation of system administrator account privileges.
From this point until VPN disconnection at 04:45 on October 4, the attackers conducted internal reconnaissance, seized control of client terminals, and executed data exfiltration using multiple compromised endpoints.
- October 3 (Fri) 20:58
System destruction, file encryption, and server initialization were carried out.
- October 4 (Sat) 01:21
A ransom note was placed in an internal folder.
Response Measures
- October 4 (Sat) 02:25 - Attack confirmed
- October 4 (Sat) 02:49 - Network disconnected
- October 4 (Sat) 04:45 - VPN disconnected
- October 4 (Sat) - Notifications sent to customers, relevant authorities, and police
- October 4 (Sat) - Recovery initiated for systems related to order processing, production, shipping, and financial settlement
- October 7 (Tue) - Restrictions on external connections implemented
- October 8 (Wed) - Report submitted to the Personal Information Protection Commission regarding potential data leakage
- October 10 (Fri) - Detailed forensic analysis initiated
- October 28 (Tue) - Data leakage confirmed on a dark web site
- October 29 (Wed) - Dark web site closed; no reappearance as of November 3
Current Status
- Deployment of EDR and behavioral detection solutions
- Comprehensive virus scans on all servers and terminals using advanced antivirus software
- Password changes for all IDs
- Complete closure of all access points, including VPN (no plans for early reopening)
- Restricted external access via clean terminals isolated from internal systems
- Ongoing detailed forensic investigation by external specialists
External Impact
At present, we have found no evidence of specific harm or unauthorized use affecting our customers or business partners in connection with this incident.
Data Leakage
On October 28 (Tue), we confirmed data leakage on a dark web site.
Although investigation into the leaked content is ongoing, the site was closed on the evening of October 29 (Wed), limiting further analysis.
Current forensic findings indicate approximately 300 GB of unauthorized data transmission.
(Please note that this is based on current findings and further investigation is underway.)
We will contact relevant parties directly regarding detailed information.
We remain fully committed to implementing all necessary measures to restore a secure environment and will continue sharing information to help prevent similar incidents at other organizations.