Panasonic confirms cyberattack, Conti claims responsibility

Panasonic’s Canadian subsidiary has been hit by a cyberattack. The Conti ransomware group claims to be responsible.

Panasonic Canada was the victim of a “targeted cyberattack” in February. This is explained by a spokesman against TechCrunch†

“We took immediate action to resolve the issue, with the help of security experts and service providers. We have isolated the malware, restored servers, rebuilt applications, and communicated with customers and authorities. »

This is the second incident in six months. Late last year, a Japanese broadcaster revealed that cybercriminals repeatedly accessed Panasonic’s servers through 2021. In December confirmed the electronics giant discovered the leak. Cybercriminals had access to the personal data of job seekers, employees and partners.

Ransomware Panasonic Canada

We know the most recent attack involves malware, but beyond that details are scarce. Although Panasonic confirms that the attack was carried out by cybercriminals, the organization has not identified any perpetrators.

Security researcher VX-Underground claims that the Conti ransomware group claimed responsibility for the attack. TechCrunch claims to have seen the leaked website. Malware groups use leaked websites to claim attacks and leak data. Partial data breaches can convince a victim to pay a ransom.

Conti’s leaked website contains internal files, spreadsheets and documents from the human resources and accounting departments. According to Conti, the files are from the data breach at Panasonic. The total loot would be 2.8 gigabytes.

TechCrunch asked Panasonic if this was a ransomware attack. Panasonic did not deny the possibility. The organization declined to specify if and what data had been stolen. The response is similar to the 2021 incident, when the organization provided the details a month after the announcement.

keep on going

Last week, Conti disclosed customer data from eight Dutch housing associations. Housing associations were hacked after a ransomware attack on The Sourcing Company, their IT service provider. The Sourcing Company has still not recovered. The housing associations said they had no intention of paying a ransom.

Conti’s leaked website has been active since 2020. In mid-2021, the ransomware group made headlines after a series of attacks on the Scottish Environmental Protection Agency, the clothing brand Fat Face and health care in Ireland and New Zealand.

In early attacks, the ransomware group used a variant of the AES-256 encryption standard. For attacks on healthcare facilities, Conti used a new variant of ransomware.

In 2022, right after the Russian invasion of Ukraine, Conti expressed his support for Russia. An anonymous security researcher responded with 60,000 chat messages members of the Conti group. Chat message topics vary. Members speak in Russian, including support for Putin and anti-Semitism.

Trick: Ransomware is an APT, this is how you should treat it