Incident Of The Week: Malware Attack Disrupts Hoya Factory Operations

A malware cyber attack led to a partial shutdown of production lines for three days

The Japanese optical products manufacturer Hoya Corporation was hit by a cyber attack at the end of February. Bleepingcomputer reported that the incident led to a partial shutdown of its production lines from Thailand for three days. Hoya is one of the largest companies in Japan and the largest producer of optical products. It has over $4.1B in yearly revenue.

Hoya said that around 100 computers were infected with a malware strain that was meant to steal user credentials and drop a cryptocurrency miner during the second phase of the process (which the company said it was able to prevent).

See Related: “Malware Attack Exposes Patient Data

Local media sources including The Japan Times, Kyodo News and SankeiBiz also covered the attack noting that Hoya was able to block the cryptojacking attempt after the “credential-stealing malware put an abnormal load on a network server which led to the quick discovery of the attack. Following the initial phase of the attack, the workers were no longer able to effectively take care of orders with the overall industrial output level of the manufacturing plant dropping by roughly 60%.”

Further, the computers at the Japanese headquarters were also impacted, making the task of issuing invoices a challenge in addition to just the IT computing system of the Thailand plant.

While a company official from Hoya said that the cyber attack had a limited impact on operations, ‘little’ impact on business and no data was leaked, the production delay caused by the malware attack is still affecting the manufacturer. As the factories in Thailand operate around the clock, Hoya had yet to fully recover from the production delay caused by the cyber attack as of the end of March.

Toyota, Norsk Hydro Also Report Attacks

In addition to the Hoya cyber attack, multiple Toyota and Lexus sales subsidiaries were breached at the end of March, leading to about 3.1 million customers’ information being leaked. According to the company's official statement — only published in Japanese — the data breach entailed unauthorized access to a server connected to the company's network.

See Related: “Toyota's Second Data Breach Affects Millions Of Drivers

Similarly and also in March, the Norsk Hydro aluminum company was forced to switch to partial manual operations after a cyber attack that pushed LockerGoga ransomware impacted its production plants.

In January, that same type of LockerGoga ransomware was also used to attack the network of Altran Technologies (an engineering consulting firm), which was ‘subsequently forced to shut down its entire IT network to protect the company's data,’ according to Bleepingcomputer.

See Related: "Incident Of The Week" Articles