Shimano cyberattack: the LockBit group claims responsibility


Japanese bicycle parts manufacturing giant Shimano has reportedly been the victim of a cyberattack orchestrated by the notorious LockBit ransomware group.

The Japanese manufacturer, known for producing cycling components, fishing equipment and rowing equipment, is now grappling with the fallout from the alleged Shimano cyberattack that potentially puts sensitive information at risk.

The LockBit ransomware group claims to have gained unauthorized access to 4.5 terabytes of data. This treasure trove includes employee details such as IDs, NRICs, IC numbers, TIN numbers and SSS numbers, along with contact information such as email addresses and phone numbers.

In addition, confidential documents, including contracts, financial records, customer databases, reports, presentations and various internal documents, were compromise.

Shimano Cyberattack Decoded

Claims of Shimano cyberattack by Lockbit ransomware
Source: Twitter

Shimano cyberattack extends to financial documentsencompassing balance sheets, budget reports, profit and loss statements, expense reports, bank statements and various tax forms.

Additionally, confidential reports, sales reports, legal documents, and factory inspection results, among others, have been marked as sensitive. The seriousness of the situation is underlined by LockBit Group the claim that all available data will be made public.

The Cyber ​​Express requested a statement from the bicycle parts giant regarding the alleged Shimano cyberattack. However, at the time of writing, no official response has been received. This leaves the Shimano cyberattack claims unverified, increasing the urgency for the organization to quickly remedy the situation.

Shimano Cyberattack and Recent Cybersecurity Struggle

In a disconcerting parallel, the aerospace and defense giant Boeing was also prey to a cyber incident attributed to the LockBit ransomware group. While Boeing acknowledged the occurrence of a “incident“, the full extent of the breach has not yet been revealed.

LockBit ransomware group has become one of the most active and prolific cyber threats, involved in a series of attacks throughout the year. What sets LockBit apart is its preference for targeting small and medium organizations, with a medium budget ransom demand significantly lower than the others ransomware strains. Its evolution from LockBit 2.0 in 2021 to the current version, LockBit 3.0, discovered in June 2022, shows its adaptability and persistence.

LockBit’s incursions into target networks are facilitated by purchasing access, unpatched vulnerabilities, insider involvement and zero day exploits. Once inside, LockBit takes control, collects vital network information, and carries out its primary goals, including data theft and encryption.

A defining characteristic of LockBit attacks is the use of a double extortion tactic. Victims are forced to pay twice: first to regain access to their encrypted files, and then to prevent their stolen data from being released to the public. When deployed as Ransomware-as-a-Service (RaaS), an Initial Access Broker (IAB) facilitates the initial breach, allowing the primary LockBit operator to perform the second stage of exploitation.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber ​​Express assumes no responsibility for the accuracy or consequences of the use of this information.

Leave a comment