Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Hitachi Energy hit by ransomware attack on third-party provider

Japanese conglomerate Hitachi has revealed one of its third-party service providers has fallen victim to a ransomware attack.

user icon David Hollingworth
Tue, 21 Mar 2023
Hitachi Energy hit by ransomware attack on third-party provider
expand image

The attack advantage of a known zero-day vulnerability, which was first reported — and patched — in February 2023.

Hitachi reported the breach in a press release following the threat operators threatening to post the breached data on the dark web if the ransom is not paid. The Clop ransomware gang has taken responsibility, promising to publish the data “soon”.

The compromised information appears to include Hitachi employee data, though the company has not revealed anything in detail.

============
============

“We recently learned that a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the Clop ransomware group that could have resulted in an unauthorised access to employee data in some countries,” Hitachi said in its release of 17 March.

“Upon learning of this event, we took immediate action and initiated our own investigation, disconnected the third-party system, and engaged forensic IT experts to help us analyse the nature and scope of the attack. Employees who may be affected have been informed, and we are providing support. We have also notified applicable data privacy, security and law enforcement authorities, and we continue to cooperate with the relevant stakeholders.”

Hitachi noted that while employee data was affected, at this point, the company believes no customer data was affected.

“At Hitachi Energy, we value and respect the confidentiality of our employees’ personal information and we understand that they would be rightly concerned about potential unauthorised access,” Hitachi said.

Hitachi employs over 40,000 people in 140 countries.

The Clop operators claim to have breached over 130 organisations using the same zero-day flaw. Speaking to Bleeping Computer, the group said it was able to take advantage of the vulnerability over a 10-day hacking spree.

Clop ransomware was first seen in operation in February 2019.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.