Anyone clicking on to the Kojima Industries’ website Monday, 28 February was greeted with the message: “This site can’t be reached.”

Kojima Industries (not to be confused with Japanese game developer, Kojima Productions), is a supplier of plastic parts and electronic components for Toyota, and according to Reuters, Kojima found an error on a file server on Saturday, 26 February. Following a reboot, the company found malware, and a “threatening message”.

As Kojima is a proponent of so-called “just-in-time” manufacturing it does not stockpile parts, and consequently the incident left Kojima unable to ship deliveries to Toyota. Toyota announced at their website on Monday, 28 March:

Due to a system failure at a domestic supplier (KOJIMA INDUSTRIES CORPORATION), we have decided to suspend the operation of 28 lines at 14 plants in Japan on Tuesday, March 1st (both 1st and 2nd shifts). We apologize to our relevant suppliers and customers for any inconvenience this may cause.”

No information on who was behind the attack, or the motive, has not yet been found. And it must be stressed (at the time of writing) that there is no indication that the attack on Kojima has any link to a Russian actor, although Japan joined Western allies in clamping down on Russia in response to the invasion of Ukraine just a few days before the incident. The Japanese authorities are investigating the possibility, but any further commentary on this point must be treated as pure speculations until that is thoroughly investigated.

What is clear though, is that the security breach was of an indirect type, where threat actors targeted the weak links in the supply chain or business ecosystem. And, according to a security report from Bulletproof, indirect attacks against weak links in the supply chain account for 40 % of security breaches. Consequently, according to the aforementioned security report, smaller businesses have begun taking steps to implement ISO 27001 and the recently updated ISO 27002.

However, Toyota restarted its operations in Japan the day after on Wednesday, 2 March. As Toyota’s subsidiaries Daihatsu Motors and Hino Motors also halted their production it was estimated(!) that the disruption caused a 5 % drop in Toyota’s monthly production in Japan, and hence the loss of production of approximately 13 000 vehicles across Toyota’s 28 production lines at 14 plants in Japan, including plants operated by its Hino and Daihatsu subsidiaries.

Other interesting news about automotive security: 

  • A tip from one of our readers! A facetious “turning-the-tables” story involving Nvidia and offended hackers. Nvidia hacked.
  • Electric vehicle charging stations (EVCS) along Russia’s M11 motorway, hacked by a Ukrainian EVCS parts providing company. EVS hacking.
  • One of Europe’s biggest car dealers, Emil Frey, was hit with a ransomware attack last month.

Written by Joakim Rosell