This week, the Japanese conglomerate Fujifilm reported an intrusion into its information systems. The Russian cybercriminal group REvil is reportedly implicated in the spread of the Qbot trojan and data stealer, apparently present in the Japanese firm's networks since mid-May 2021, followed by ransomware.
Fujifilm has shut down parts of its global computer network and taken servers offline due to a cyber attack. The Tokyo-based Japanese digital imaging and medical technology specialist said on June 2 that it was investigating unauthorized access to its servers and had shut down and disconnected its network from external sources as a precaution. “By the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack,” Fujifilm said in a statement. “As a result, we have taken steps to suspend all affected systems in coordination with our various global entities.”
According to Advanced Intel CEO Vitali Kremez, interviewed by Bleeping Computer, Fujifilm has apparently been infected since May 15, 2021 with the Qbot malware, which is usually spread through phishing. In circulation for 13 years, it belongs to the category of “stealers”, i.e. malware specialized in the theft of information, and has particularly affected banks and financial institutions. “Since the rise of ransomware, the hackers behind Qbot are currently working with the ransomware group REvil,” said Vitali Kremez. Also known as Sodinokibi, this cybergang caused a stir when it attacked Acer last March with a ransom demand of $50 million. It undoubtedly also attacked the agri-food giant JBS a few days ago.
All means of communication cut off
“Forensic analysis suggests that the ransomware attack on Fujifilm began with a Qbot Trojan infection last month, which allowed hackers to gain a foothold in company systems with which the secondary ransomware payload has been introduced,” said Ray Walsh, digital privacy expert at ProPrivacy. “More recently, the Qbot Trojan has been actively exploited by the REvil cybergang, and it seems highly plausible that Russian-based hackers are behind this cyberattack.”
Fujifilm Business Innovation, formerly Fuji Xerox, which operates in the printer and document, cloud, artificial intelligence and IoT sectors, was apparently not affected by this cyberattack. At least one local branch of Fujifilm has had to temporarily shut down its operations in America. Information systems began coming back online on June 3, and the group’s activities should be fully operational again as of today. The Japanese company’s British website indicated that, for some of its entities, the impact extended to all means of communication (e-mails, phone calls, online chat, etc.) dependent on its network.