On the 11th of September 2021, Olympus released a statement detailing they are currently investigating some suspicious activity. Olympus also stated that they had “immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue.” The statement also highlighted the fact that the attack affected areas of their EMEA (Europe, Middle East, Africa) IT systems on September 8, 2021. And therefore, they had to “suspended data transfers in the affected systems and have informed the relevant external partners.”
Telltale signs
Even though Olympus have not shared any more details on the incident including which threat actors are involved, there is evidence that the threat actors who are responsible for the incident are BlackMatter as a copy of the ransomware note has shared anonymously and included a web address to a Tor site which is known to be used by BlackMatter.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.