Major Japanese defense contractor breached by ALPHV

Japan Aviation Electronics (JAE), a multi-billion tech manufacturer, has confirmed that it’s been hit with a cyberattack that impacted its workflow.

JAE was listed on the dark web blog of ransomware gang ALPHV (also known as BlackCat), which it uses for showcasing its latest victims.

The attackers were scant on details about the breach and did not indicate what type of data the cybercrooks may have accessed.

Meanwhile, JAE confirmed the attack with a statement, saying that an external party had accessed some of the group’s servers without authorization. The company says that it has launched an investigation into the issue.

JAE posted on ALPHV's dark web blog. Image by Cybernews.

The company’s global website was inaccessible at the time of publishing this article.

“We are currently investigating the status of damage and restoring operations, but some systems have been suspended, and there have been some delays in sending and receiving emails,” the statement said.

JAE noted that there’s no indication any information was leaked. However, ransomware gangs operate by stealing data and then demanding payment for not publishing it, meaning that leaks may come at a later date.

“We sincerely apologize for any inconvenience caused to our customers and other concerned parties. We will immediately inform you of any new matters to be reported as soon as we find them through further investigation,” the company said.

JAE is a publicly traded company with a yearly revenue exceeding $1.5 billion. The company employs nearly 10,000 staff and specializes in the manufacture and sale of connectors, interface solution equipment, and other tech.

Its products are used in mobile devices, automobiles, infrastructure, industrial machinery, flight control and navigation equipment, as well as space electronics.

Who is ALPHV/BlackCat ransomware?

ALPHV/BlackCat ransomware was first observed in 2021. Like many others in the criminal underworld, the group operates a ransomware-as-a-service (RaaS) business, selling malware subscriptions to criminals.

According to an analysis by Microsoft, threat actors that began deploying it were known to work with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI believes that money launderers for the ALPHV/BlackCat cartel are linked to the Darkside and Blackmatter ransomware cartels, indicating that the group has a well-established network of operatives in the RaaS business.

The gang gained international attention earlier this year after it, together with Scattered Spider hackers, attacked MGM Resorts International and Caesars Entertainment.

According to Ransomlooker, the Cybernews’ ransomware monitoring tool, ALPHV was among the most active gangs in the last 12 months, victimizing 317 organizations worldwide.