Toyota Motor suppliers have been facing a slew of cyberattacks in recent months, with Toyota Boshoku subsidiary TB Kawashima, which has been providing car seat cover fabrics, being the latest victim, reports The Asahi Shimbun.
TB Kawashima had its Thailand-based sales firm impacted by a cyberattack, which has not affected operations but may have compromised employee and client data.
The intrusion was already claimed by the LockBit ransomware group in a posting on its data leak site on June 18.
A separate cyberattack also targeted Toyota subsidiary and auto parts manufacturer Kyoho Machine Works.
Officials said that Kyoho plant operations nor corporate data were affected by the breach but the company did note plans to strengthen its cybersecurity posture with the help of Aichi prefectural police.
The attacks come months after Toyota partners Denso and Kojima Press Industry were impacted by cyberattacks that resulted in the theft of employee data and blueprints, and prompted temporary shutdowns of Toyota factories in Japan, respectively.
Cyberattacks target Toyota suppliers
Toyota Motor suppliers have been facing a slew of cyberattacks in recent months, with Toyota Boshoku subsidiary TB Kawashima, which has been providing car seat cover fabrics, being the latest victim.
Attackers purporting to be Royal Mail distributed malicious emails about a failed package delivery with a PDF attachment that included a link redirecting to a Dropbox-hosted ZIP file, which then facilitated the execution of Prince ransomware.
Such websites, which are operated under "AI Nude" and are advanced by black hat SEO techniques, promise the conversion of uploaded photos into deepfake nudes but display a link, which when clicked redirected to another site with the password and link to the password-protected Dropbox-hosted archive that contains the infostealer malware.
Both iOS and Android devices have been targeted with attacks involving the fake app dubbed "SB-INT," which lured victims into manually trusting the Enterprise developer profile before triggering the registration process that would seek additional information from victims.