2024 cyberattack on Kadokawa and Niconico

2024 cyberattack on Kadokawa and Niconico
DateJune 8 – August 5, 2024
LocationJapan
TypeCyberattack, Data breach, Ransomware attack
MotiveMoney
TargetNiconico, Kadokawa Group's websites
PerpetratorBlackSuit
Property damage254,241 users' data leaked

On the morning of June 8, 2024, Kadokawa's website and the Japanese video-sharing platform Niconico, suffered a ransomware cyberattack by a Russian-linked hacker group called BlackSuit, who claimed responsibility for the attack.[1]

Background

Niconico is a Japanese video-sharing platform launched in 2006. Niconico's owner, Dwango, is a subsidiary of Kadokawa Corporation.[2] According to Alexa Internet, the site is the 14th most visited website in Japan as of May 1, 2022.[3]

On June 3, 2024, Kadokawa Taiwan reported a cyberattack leaking personal and corporate information.[4]

Two days after the initial attack, Wired stated that ransomware attacks are "accelerating in 2024".[5]

Japan's cyber security has been criticized for lacking IT expert specialists, with about 90% of domestic companies having none according to a think tank survey.[6] One day before the initial attack, Japanese prime minister Fumio Kishida ordered his minister to craft a bill boosting Japan's "active cyber defense".[7]

Attack

BlackSuit's statement

A connection problem with Kadokawa Group services including Niconico was reported from around 3:30 (JST) on June 8, 2024. Dwango stopped all Niconico services with issues at around 6:00 (JST) on the same day and conducted maintenance.[8][9]

On June 9, Kadokawa reported the incident to the police, expert specialists, and the Kanto Local Finance Bureau. On June 14, upon investigation, Kadokawa confirmed that the outage was caused by a ransomware cyberattack, and it was also found that despite remotely shutting down the website's services, the attackers were observed restarting the servers to continue to spread the malware; in response, Kadokawa physically disconnected the server's power and communication cable.[10] On the same day, Niconico set up a temporary website detailing the situation.[2]

On June 27, the Russian-linked hacker group "BlackSuit" published a statement on the dark web claiming responsibility for the attack and threatening to publish the 1.5 terabytes of stolen data of business partners and user information unless a ransom was paid by July 1.[11][12][1]

On July 10, Kadokawa released a statement warning the public that disseminating any leaked information from the data breach would result in legal action.[13]

Niconico and Kadokawa's official website services went back online on August 5.[14][15]

Impact

Niconico announced that all their scheduled programming would be canceled until the end of July.[2]

During this attack, Kadokawa's stock price declined, and by July 3, Kadokawa's stock price had dropped by over 20%.[16] Kadokawa's publishing business' manufacturing end was briefly put on hold after the attack and e-books distribution was delayed. Kadokawa Umbrella, its online shop, was affected and could not receive nor ship orders.[17]

Kadokawa Dwango Gakuen [ja], a private correspondence high school owned by Kadokawa was affected by the attack but restored its services on June 10.[10]

Aftermath and investigation

Niconico implemented new security measures after the attack as well as rebuilding its systems.[18]

On August 6, Kadokawa's investigation revealed that a phishing attack was the possible cause of the attack. It also confirmed that 254,241 people's information was leaked during the attack. Among the leaked data, 186,269 are from the Kadokawa Dwango Educational Institute.[19]

See also

References

  1. ^ a b NEWS, KYODO (June 28, 2024). "Russia-linked group claims cyberattack on Japanese video site niconico". Kyodo News+. Archived from the original on June 29, 2024. Retrieved July 8, 2024.
  2. ^ a b c Hazra, Adriana (July 2, 2024). "Niconico Remains Offline After Kadokawa Cyber Attack, No Customer Information Leaks, Publishing at 'One-Third' of Normal Rate". Anime News Network. Archived from the original on July 4, 2024. Retrieved July 8, 2024.
  3. ^ "Alexa - Top Sites in Japan". Alexa Internet. Archived from the original on May 1, 2022. Retrieved July 8, 2024.
  4. ^ Cambosa, Teddy (June 9, 2024). "Kadokawa Investigates Suspected Cyber Attack as Several Services Go Offline". Anime Corner. Archived from the original on June 9, 2024. Retrieved July 8, 2024.
  5. ^ Pearson, Jordan (June 10, 2024). "Ransomware Is 'More Brutal' Than Ever in 2024". Wired. Archived from the original on July 6, 2024. Retrieved July 8, 2024.
  6. ^ "Editorial: Japan needs to review cyberattack countermeasures as hackers target firms". Mainichi Daily News. July 10, 2024. Retrieved July 10, 2024.
  7. ^ "Japan PM vows to boost 'active cyber defense' to prevent cyberattacks". Mainichi Daily News. June 7, 2024. Archived from the original on June 12, 2024. Retrieved July 10, 2024.
  8. ^ "KADOKAWA、ランサムウェアなどで攻撃 ニコニコは「1から作り直すような規模の作業が必要」". ASCII.jp (in Japanese). June 14, 2024. Retrieved July 8, 2024.
  9. ^ Cayanan, Joanna (June 9, 2024). "Kadokawa Posts Statement After Suspected Cyber Attack (Updated)". Anime News Network. Archived from the original on July 1, 2024. Retrieved July 8, 2024.
  10. ^ a b Tai, Anita (June 16, 2024). "Cyber Attack Delays Kadokawa's Releases, Accounting With Niconico Expected to Stay Offline for 1 Month or More". Anime News Network. Archived from the original on July 1, 2024. Retrieved July 8, 2024.
  11. ^ Jiji (July 3, 2024). "Hackers behind Kadokawa cyberattack claim new info leak". The Japan Times. Archived from the original on July 3, 2024. Retrieved July 8, 2024.
  12. ^ Sudo, Tatsuya (July 2, 2024). "More Kadokawa data leaked as deadline for ransom passes". The Asahi Shimbun. Archived from the original on July 3, 2024. Retrieved July 8, 2024.
  13. ^ "KADOKAWA、個人の情報"不正"発信行為に「法的措置の準備を進めております」". Oricon (in Japanese). July 10, 2024. Retrieved July 10, 2024.
  14. ^ "~ニコニコ動画が8/5に再開、新バージョンに~ ニコニコの復旧状況およびサービス停止に伴う補償について|ニコニコインフォ". blog.nicovideo.jp. Archived from the original on July 27, 2024. Retrieved July 27, 2024.
  15. ^ "Cyberattack-Hit Niconico to Resume after 2 Months of Halt". nippon.com. July 29, 2024. Retrieved July 30, 2024.
  16. ^ "KADOKAWA漏えい影響拡大 書籍出荷が滞り、株価2割下落 | 共同通信". 共同通信 (in Japanese). July 3, 2024. Retrieved July 8, 2024.
  17. ^ Pineda, Rafael Antonio (July 30, 2024). "Kadokawa Gradually Resumes Shipping of Books in August". Anime News Network. Retrieved July 30, 2024.
  18. ^ Tai, Anita (July 30, 2024). "Niconico Services to Resume Operation Beginning on August 5 Following Kadokawa Cyber Attack". Anime News Network. Retrieved July 30, 2024.
  19. ^ "Kadokawa confirms data leak of 254,000 people due to cyberattack". The Japan Times. August 6, 2024. Retrieved August 9, 2024.