Japanese global logistics company confirms ransomware attack
A major Japanese logistics provider confirmed this week that it had fallen victim to a ransomware attack, disrupting some of its systems.
The Tokyo-based Kintetsu World Express (KWE), which offers air and sea cargo services globally, has not yet identified the specific threat actor behind the attack. In a statement on Wednesday, the company said it is in the process of restoring affected systems.
"We will notify customers immediately if we determine their data has been compromised," it added.
KWE specializes in freight forwarding, or the coordination of shipments on behalf of businesses. It’s a subsidiary of Kintetsu Group Holdings, a major Japanese railway holding company. The logistics firm operates in over 30 countries with numerous offices worldwide.
The attack was first discovered on April 23, when KWE reported service disruptions affecting certain customers. However, no additional details were provided at that time.
The company has not said if a ransom was demanded, and if so, whether it would pay. The investigation into the incident is ongoing.
This is not the first cyberattack targeting KWE. Last April, a hacker group known as 888 claimed responsibility for breaching the data of hundreds of KWE’s clients.
Cybersecurity threats targeting Japanese companies have escalated in recent months. Trend Micro, a cybersecurity firm, reported that at least 46 entities across Japan, including banks and government agencies, have been attacked since late 2024.
Earlier this year, Japan's largest mobile carrier, NTT Docomo, disclosed a distributed denial-of-service (DDoS) attack that temporarily disrupted its services. In December, it was reported that a major Japanese media company known for producing manga, anime, and video games, Kadokawa, allegedly paid nearly $3 million to Russia-linked hackers known as BlackSuit following a data breach.
Other Japanese companies dealing with cyberattacks over the past year include watchmaker Casio, electric motor manufacturer Nidec, automotive parts manufacturer Yorozu, and the research and development organization Monohakobi.
Japan’s major financial institutions, including Mitsubishi UFJ Bank, Resona Bank, and Mizuho Bank, also experienced disruptions in internet banking services due to alleged cyberattacks, according to local media reports.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.