Japanese gaming company fell victim to cyber-attack in November 2020
An investigation into a ransomware attack on Japanese video game developer Capcom has determined that malicious hackers gained access via an outdated virtual private network (VPN).
The attack, as previously reported by The Daily Swig, happened in November 2020, when malicious hackers knocked email and file servers offline.
An investigation conducted by an independent third party has since determined that the unknown actors gained access to networks in both the US and Japan by exploiting the VPN service, which Capcom said was still in use due to Covid-19 “burdens”.
The post-mortem report, released today (April 13), stated that the VPN was used by staff from the developer’s North American subsidiary, Capcom USA, Inc.
Other Capcom Group divisions had already moved to using a new VPN at the time of the attack.
However, because of the “growing burden” on company networks in the US caused by the spread of Covid-19 in California, where the North American subsidiary is located, an older VPN remained as an emergency backup in case of communication issues.
The hardware in question has since been removed from the network, Capcom confirmed.
Vulnerable VPN
Attackers were able to use the vulnerable VPN to gain access to internal Capcom networks both in the US and Japan.
The final stage of the assault saw ransomware deployed, resulting in the encryption of files on affected devices.
The report reads: “While the company halted certain operations, it worked to quickly restore them.
“The above is a broad explanation of the incident from the external specialist companies, who have provided Capcom with the conclusion that the incident was a malicious, multi-faceted attack that would be difficult to defend against.”
That escalated quickly
At the time of the cyber-attack, Capcom reported that no personal data was thought to have been leaked.
In January, however, an updated press release stated that a total of 390,000 individuals may have had their data compromised.
Capcom also verified that 16,415 individuals had been victims of data theft, at varying levels of severity.
In the wake of the attack, Capcom said it has strengthened its security measures in various ways, including by the introduction of a security operation center, which “monitors systems and networks around the clock”, and by utilizing software to detect unusual activity on devices and servers within its network.
The Street Fighter and Resident Evil developer has also undertaken a thorough review of all VPNs and has “improved” management methods for VPNs and other devices.
Capcom did not confirm whether the ransom was paid.
The Daily Swig has reached out to Capcom for further clarification on this.