3 July 2026

Japanese companies hit by series of cyberattacks | Cyber Intelligence Briefing – 3 July 2026

Top news stories this week

  1. Rising sun, falling defences. Japanese companies hit by wave of breaches and ransomware in a single week
  2. PeopleSoft pillage, EBS siege. Oracle E-Business Suite still under attack
  3. Tip-off. Huntress investigates employee's communications with ransomware operator
  4. Offside and offliner. Authorities act on illegal World Cup streaming platforms
  5. Fable disabled, then enabled. Access to Anthropic’s latest AI model restored for non-US nationals
  6. No honour among hackers. Ransomware gang claims to have been breached by second threat actor group

1. Japanese companies hit by wave of breaches and ransomware in a single week

Within a single week, a series of cyberattacks has affected multiple Japanese industries. Insurer Aflac Japan suffered a data breach disclosing information about 4.38 million policyholders and the payment information of 230,000 customers. Additionally, beverage giant Sapporo Holdings experienced a cyberattack affecting two of its overseas subsidiaries, while manufacturer Nidec has had its Taiwanese subsidiary held to ransom for $2 million by the cybercriminal group BlackField.

So what?

As organisations expand through subsidiaries, acquisitions, outsourced services, and global supply chains, attackers are increasingly targeting the less visible parts of the business ecosystem. These incidents serve as a reminder that security controls, monitoring, and incident response capabilities must extend across the entire corporate footprint and not just the corporate network.

[Researcher: Harish Raghavan]  


2. Oracle E-Business Suite still under attack

Oracle enterprise applications remain under sustained attack, with ShinyHunters-linked exploitation of a PeopleSoft zero-day affecting more than 100 organisations and now tied to disclosures from Nissan and NAIC. Separately, attackers are exploiting a different critical Oracle E-Business Suite flaw, CVE-2026-46817, while around 950 EBS instances remain exposed online.

So what?

Organisations using Oracle PeopleSoft or E-Business Suite should urgently confirm patch status, identify internet-exposed instances, and ensure critical Oracle CVEs are actively tracked by technology teams and third-party advisory partners. 

[Researcher: Tlhalefo Dikolomela]  


3. Huntress investigates employee's communications with ransomware operator 

Huntress acknowledged that one of its employees informed a cybercriminal that law enforcement had made inquiries about them. Huntress described the employee's actions as 'poor judgment,' but said an internal investigation found no evidence of illegal conduct or insider threat activity. The issue was raised by a former Huntress analyst, who alleged that the employee shared FBI communications with ransomware operator Devman. 

So what?

Any communication with threat actors carries significant risk and should be handled exclusively by trained professionals following strict protocols, rather than by individual employees acting unilaterally.

[Researcher: Milda Petraityte]


4. Authorities act on illegal World Cup streaming platforms

The US Department of Justice has seized nearly 400 domains used to illegally stream FIFA World Cup matches as part of "Operation Offsides", a global crackdown targeting piracy infrastructure across multiple countries. While fans may have been hunting for free kick-offs, authorities warned that many of these sites also expose users to malware, phishing scams, and data theft, potentially turning a cheap stream into a costly own goal.

So what?

This is a timely crackdown. Beyond the legal issues, illegal streaming sites are a proven vector for malware and credential theft, putting viewers' devices and personal data at serious risk.

[Researcher: Jenny Eysert]


5. Access to Anthropic’s latest AI model restored for non-US nationals

The US Government has permitted Anthropic to allow access to its newest and most advanced model, Fable 5, for which access for non-US nationals had previously been revoked. Mythos 5 will still not be available to the public due to its potential for harmful security actions. Separately, the cyber security leaders of each of the Five Eyes nations signed a rare joint statement urging companies to take pre-emptive steps to mitigate security risks arising from AI implementation.

So what?

In allowing access to the latest AI models, governments are aligning in stating that responsibility and liability for the use of AI remain with the companies that use them – in particular the board.

[Researcher: Ava Pearson + Lester Lim]


6. Ransomware gang claims to have been breached by other cybercriminal group

Market research firm Klue, which disclosed a breach on 12 June, now faces a further complication. The Icarus ransomware group, responsible for the original attack via compromised legacy credentials and Salesforce data exfiltration, has itself been breached by a second unidentified threat actor who is now running extortion campaigns against some of Icarus's existing victims.

So what?

Cyber security practitioners and executive leadership teams are encouraged to exercise an abundance of caution and diligence before engaging directly with any cybercriminal groups. Engaging third-party DFIR providers or threat actor negotiators can help mitigate risks and is highly recommended should such scenarios arise.

[Researcher: Steve Ross]

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
