[June 2026] Top 4 Incidents Concerning Japanese Companies This Month — From BEC Fraud to Waves of Attacks on Overseas Branches
- 2 days ago
- 5 min read

This month saw a series of cyberattacks targeting Japanese companies. Reports included large-scale fund outflows due to business email compromise (BEC), unauthorized access to ISP email systems, and organized ransomware attacks on multiple overseas locations. Particularly noticeable were the increases in damages transmitted through subcontractors and attacks on overseas subsidiaries, highlighting the urgent need to strengthen security across the entire supply chain.
BEC fraud targeting Jellybeans Group — 45 million yen stolen through emails impersonating company executives and employees.
On June 11, 2026, Jellybeans Group Co., Ltd. announced a fund outflow resulting from an unauthorized transfer instruction. On June 3, a third party impersonating an officer or employee of the company made an unauthorized transfer instruction, and approximately 45 million yen was transferred to an external account, exploiting a loophole in the verification system. Once funds are outflowing to an external party, recovery becomes difficult, making prevention more important than reactive measures.
KDDI's email system for ISP operators compromised — up to 14.22 million authentication credentials leaked.
On June 23, KDDI Corporation announced that its email system for ISP operators had been compromised by unauthorized access. The company's email system was attacked on June 17, potentially resulting in the leakage of up to 14.22 million email addresses and passwords. Multiple ISP operators were affected, making this a typical case of damage transmitted through a contracted service provider.
Reference URL: https://newsroom.kddi.com/news/assets/2026/kddi_nr_s-71_4593/kddi_nr_s-71_4593_pdf_01.pdf
Yamaichi Electric's Philippine subsidiary suffers ransomware attack — Initial intrusion route cannot be identified due to log deletion.
Yamaichi Electric Co., Ltd., a company listed on the Tokyo Stock Exchange Prime, announced on June 15th its final report regarding a ransomware attack at its Philippine subsidiary, Pricon Microelectronics. Some servers were infected with ransomware on April 17th, and because the attackers encrypted and deleted logs, the initial intrusion route has not been fully identified. This highlights the difficulty of responding to attacks on overseas locations.
Reference URL: https://scan.netsecurity.ne.jp/article/2026/06/26/55583.html
Unauthorized access to two overseas companies of Sapporo Holdings
On June 24, Sapporo Holdings Ltd. announced that two of its overseas group companies had been subjected to unauthorized access. Overseas locations tend to have weaker security measures than the head office, making them ideal targets for attackers.
Reference URL: https://www.sapporoholdings.jp/announce/dit/?id=9626
Five specific cybersecurity measures that should be implemented on the ground now
1. Enhanced multi-factor authentication and identity verification processes for money transfer instructions.
BEC scams exploit lax verification systems. Especially for large transfers, implement identity verification via phone or video call, rather than relying solely on email. It's crucial to establish a rule that email instructions impersonating company officers or employees must always be verified through a separate channel.
2. Monthly implementation of security risk audits via ISPs and contractors.
Critical infrastructure managed by external vendors, such as email systems, must undergo regular security audits. Establish a system to verify the vendor's vulnerability patch application status and authentication encryption methods at least once a month.
3. Establishment of log monitoring and backup strategies for overseas locations.
It's not uncommon for logs to be deleted in ransomware attacks, making post-incident investigations difficult. An architecture that automatically transfers logs from overseas branches to the head office system to protect them from deletion by attackers is essential.
4. Regular evaluation of the security systems of overseas group companies
Overseas subsidiaries may not be subject to the same strict security rules as the head office. At a minimum, evaluate the security status of overseas locations using a checklist at least quarterly and maintain the same level of security measures as the head office.
5. Pre-design of the initial intrusion path identification process during incident response.
When a ransomware infection occurs, a process is needed to identify the initial intrusion route before logs are deleted. Consider implementing an EDR (Endpoint Detection and Response) tool and securing a 24/7 support line with external experts.
What you can do at PIPELINE Co., Ltd.
PIPELINE Corporation's three main products provide comprehensive protection against these four threats.
RiskSensor (External risk intelligence, attack surface visualization, dark web monitoring)
The BEC (Business Email Compromise) incident at Jellybeans Group and the authentication information leak seen in the KDDI case demonstrate how attackers collect and exploit information from companies and related organizations in advance.
RiskSensor continuously monitors externally accessible assets, including those of your company, subsidiaries, affiliates, and contractors, to detect configuration errors, vulnerabilities, and leaked credentials early. Furthermore, by identifying credentials circulating on the dark web and signs of impending attacks, it supports preventative measures before damage occurs.
ThreatIDR (DNS-level threat blocking, malware/C2 communication blocking)
In ransomware attacks on Yamaichi Electric's Philippine subsidiary and unauthorized access to overseas group companies, it is common for attackers to expand their activities by communicating with external servers after gaining in.
ThreatIDR detects and blocks threat communications at the DNS level, blocking communication with malware-infected devices and attackers' command and control (C2) servers. This prevents ransomware execution, data theft, and lateral spread within the organization at an early stage, thus preventing further damage.
DatalaiQ (Threat Hunting, Log Analysis, Incident Investigation)
In ransomware attacks and unauthorized access, the ability to quickly identify the intrusion route and the scope of impact is crucial in determining the extent of the damage. However, as in the case of Yamaichi Electric, logs are often deleted by the attackers.
DatalaiQ analyzes logs collected from network devices, servers, cloud services, and other sources across the board to support threat hunting and incident investigation. By visualizing security data across the entire group, including domestic and international locations, it accelerates the identification of initial intrusion routes and the assessment of the extent of damage, thereby supporting recovery efforts.
✦ Finally
Thank you for reading this far.
At PIPELINE Corporation, we are a group of experts specializing in cybersecurity and threat intelligence, and we work alongside our clients on the front lines every day to address threats.
"Even if we have a specialized team within the company, we lack the resources," "We don't know where to start," and "We want to prepare realistically, assuming we will be attacked."
We receive many inquiries like this. Regardless of the size of the company, the current situation is that weak points in defenses are easily targeted.
Furthermore, trying to handle everything internally inevitably makes it easier for things to be overlooked.
That's why we focus on practical methods that are useful in the field, rather than idealistic theories, and propose a small-scale, easy-to-implement approach. Even "a small step within your capabilities" can make a big difference in safety.
If you have any concerns at all, please feel free to contact us. Let's work together to find the quickest way to strengthen your security.
![[June 2026] Top 4 Cybersecurity Incidents Impacting Japanese Companies | BEC Fraud, Ransomware, and Supply Chain Attacks PIPELINE](https://static.wixstatic.com/media/95ec1f_7f54d00c113f4af6aea7dbf08e02bc9d~mv2.png/v1/fill/w_366,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_7f54d00c113f4af6aea7dbf08e02bc9d~mv2.webp)
![[June 2026] Top 4 Cybersecurity Incidents Impacting Japanese Companies | BEC Fraud, Ransomware, and Supply Chain Attacks PIPELINE](https://static.wixstatic.com/media/95ec1f_7f54d00c113f4af6aea7dbf08e02bc9d~mv2.png/v1/fill/w_980,h_670,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_7f54d00c113f4af6aea7dbf08e02bc9d~mv2.webp)
![[Press Release] Collaboration with 7 domestic companies to strengthen supply chain security PIPELINE](https://static.wixstatic.com/media/95ec1f_80d22e109c86451f93bd6e9ad0702803~mv2.png/v1/fill/w_389,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_80d22e109c86451f93bd6e9ad0702803~mv2.webp)
![[Press Release] Collaboration with 7 domestic companies to strengthen supply chain security PIPELINE](https://static.wixstatic.com/media/95ec1f_80d22e109c86451f93bd6e9ad0702803~mv2.png/v1/fill/w_980,h_630,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_80d22e109c86451f93bd6e9ad0702803~mv2.webp)
![[2nd Week of June 2026] From Zero-Day Attacks to State-Sponsored Attacks: 4 Latest Threats Targeting Japanese Companies PIPELINE](https://static.wixstatic.com/media/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.png/v1/fill/w_366,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.webp)
![[2nd Week of June 2026] From Zero-Day Attacks to State-Sponsored Attacks: 4 Latest Threats Targeting Japanese Companies PIPELINE](https://static.wixstatic.com/media/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.png/v1/fill/w_980,h_670,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.webp)

![[2nd Week of June 2026] From Zero-Day Attacks to State-Sponsored Attacks: 4 Latest Threats Targeting Japanese Companies PIPELINE](https://static.wixstatic.com/media/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.png/v1/fill/w_980,h_513,al_c,q_90,usm_0.66_1.00_0.01,enc_avif,quality_auto/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.png)
![[5th Week of May 2026] Attacks are becoming more automated – 4 of the latest cyber threats targeting Japanese companies](https://static.wixstatic.com/media/95ec1f_13c273711c304fd2b2893f20be1f2e08~mv2.png/v1/fill/w_980,h_513,al_c,q_90,usm_0.66_1.00_0.01,enc_avif,quality_auto/95ec1f_13c273711c304fd2b2893f20be1f2e08~mv2.png)
![[Week 3 of May 2026] Four New Threats Japanese Companies Should Be Wary of: Canvas breach, npm supply chain attack, and ClaudeBleed](https://static.wixstatic.com/media/95ec1f_f5d30c2fc79344eb8199da2390a2c1c3~mv2.png/v1/fill/w_980,h_513,al_c,q_90,usm_0.66_1.00_0.01,enc_avif,quality_auto/95ec1f_f5d30c2fc79344eb8199da2390a2c1c3~mv2.png)
![[June 2026] Top 4 Cybersecurity Incidents Impacting Japanese Companies | BEC Fraud, Ransomware, and Supply Chain Attacks PIPELINE](https://static.wixstatic.com/media/95ec1f_7f54d00c113f4af6aea7dbf08e02bc9d~mv2.png/v1/fill/w_444,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_7f54d00c113f4af6aea7dbf08e02bc9d~mv2.webp)
![[June 2026] Top 4 Cybersecurity Incidents Impacting Japanese Companies | BEC Fraud, Ransomware, and Supply Chain Attacks PIPELINE](https://static.wixstatic.com/media/95ec1f_7f54d00c113f4af6aea7dbf08e02bc9d~mv2.png/v1/fill/w_385,h_217,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_7f54d00c113f4af6aea7dbf08e02bc9d~mv2.webp)
![[Press Release] Collaboration with 7 domestic companies to strengthen supply chain security PIPELINE](https://static.wixstatic.com/media/95ec1f_80d22e109c86451f93bd6e9ad0702803~mv2.png/v1/fill/w_444,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_80d22e109c86451f93bd6e9ad0702803~mv2.webp)
![[Press Release] Collaboration with 7 domestic companies to strengthen supply chain security PIPELINE](https://static.wixstatic.com/media/95ec1f_80d22e109c86451f93bd6e9ad0702803~mv2.png/v1/fill/w_385,h_217,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_80d22e109c86451f93bd6e9ad0702803~mv2.webp)
![[2nd Week of June 2026] From Zero-Day Attacks to State-Sponsored Attacks: 4 Latest Threats Targeting Japanese Companies PIPELINE](https://static.wixstatic.com/media/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.png/v1/fill/w_444,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.webp)
![[2nd Week of June 2026] From Zero-Day Attacks to State-Sponsored Attacks: 4 Latest Threats Targeting Japanese Companies PIPELINE](https://static.wixstatic.com/media/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.png/v1/fill/w_385,h_217,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_77789520e7b54469970eebdda4caea9c~mv2.webp)
![[5th Week of May 2026] Attacks are becoming more automated – 4 of the latest cyber threats targeting Japanese companies](https://static.wixstatic.com/media/95ec1f_13c273711c304fd2b2893f20be1f2e08~mv2.png/v1/fill/w_444,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_13c273711c304fd2b2893f20be1f2e08~mv2.webp)
![[5th Week of May 2026] Attacks are becoming more automated – 4 of the latest cyber threats targeting Japanese companies](https://static.wixstatic.com/media/95ec1f_13c273711c304fd2b2893f20be1f2e08~mv2.png/v1/fill/w_385,h_217,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_13c273711c304fd2b2893f20be1f2e08~mv2.webp)
![[Week 3 of May 2026] Four New Threats Japanese Companies Should Be Wary of: Canvas breach, npm supply chain attack, and ClaudeBleed](https://static.wixstatic.com/media/95ec1f_f5d30c2fc79344eb8199da2390a2c1c3~mv2.png/v1/fill/w_444,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_f5d30c2fc79344eb8199da2390a2c1c3~mv2.webp)
![[Week 3 of May 2026] Four New Threats Japanese Companies Should Be Wary of: Canvas breach, npm supply chain attack, and ClaudeBleed](https://static.wixstatic.com/media/95ec1f_f5d30c2fc79344eb8199da2390a2c1c3~mv2.png/v1/fill/w_385,h_217,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_f5d30c2fc79344eb8199da2390a2c1c3~mv2.webp)
![[Third Week of May 2026] Four Incidents at Japanese Companies: From GitHub Credential Leaks to Ransomware Attacks](https://static.wixstatic.com/media/95ec1f_e00e67a4854b4a8882a13950e4a7a324~mv2.png/v1/fill/w_444,h_250,fp_0.50_0.50,q_35,blur_30,enc_avif,quality_auto/95ec1f_e00e67a4854b4a8882a13950e4a7a324~mv2.webp)
![[Third Week of May 2026] Four Incidents at Japanese Companies: From GitHub Credential Leaks to Ransomware Attacks](https://static.wixstatic.com/media/95ec1f_e00e67a4854b4a8882a13950e4a7a324~mv2.png/v1/fill/w_385,h_217,fp_0.50_0.50,q_95,enc_avif,quality_auto/95ec1f_e00e67a4854b4a8882a13950e4a7a324~mv2.webp)