
Japan Cyber Threat Intelligence Weekly (Apr 12–18, 2026) | Ransomware, ASKUL Breach, APT40 Activity

  • Apr 21

01 EXECUTIVE SUMMARY 

  

Japan's threat posture during April 12–18, 2025, is assessed as ELEVATED. Three concurrent risk drivers were observed: active ransomware campaigns by Akira and LockBit 3.0 using novel IoT pivot techniques; a major confirmed data breach at ASKUL Corporation affecting approximately 2.5 million customer records; and sustained APT40 (China) intrusion activity targeting Japanese defense supply chain organizations. Initial Access Broker (IAB) listings on major dark web forums increased 18% week-over-week, predominantly covering manufacturing, logistics, and healthcare sectors.  



Key developments: 


  1. ASKUL Corporation data breach — ~2.5M records exposed; METI notified; APPI 72-hour notification window applies. 

  2. Akira ransomware adopting IoT/webcam pivot to bypass EDR — confirmed against Japanese manufacturing firm. 

  3. NTT breach-linked phishing campaign active — AiTM infrastructure (Evilginx2) bypassing standard TOTP MFA. 

  4. APT40 targeting defense-industrial base with SOGU implant via CVE-2024-38214 weaponised DOCX attachments. 

  5. Panasonic GENESIS64 SCADA vulnerability (CVSS 7.2) with no available patch poses OT/ICS risk. 

 

 

 02  DARK WEB INTELLIGENCE 

  

Japan-tagged listings on darkweb.vc increased approximately 18% compared to the prior week. The manufacturing and logistics sectors represent 60% of listings. Database and credential sales dominate — consistent with a post-breach monetisation phase aligned with the ASKUL incident timeline. 

  


 

03  RANSOMWARE ACTIVITY 

  


  

 

04  INITIAL ACCESS BROKER (IAB) 

Sources: analyzer.vecert.io, darkweb.vc — Japan-region IAB listings April 12–18, 2025 

  


  

 

 

05 SECURITY INCIDENTS 

  


  

  

 

06  PHISHING & SOCIAL ENGINEERING TRENDS 

  


  


07  APT / STATE ACTOR ACTIVITY 



  

  

08  VULNERABILITY INTELLIGENCE 

  

  

 

09  RECOMMENDATIONS 

  

  

  


 

 

010  Unit Zero THREAT FORECAST 

Outlook for the coming 7–14 days based on current threat actor behaviour patterns and intelligence trends. 

  


011 What PIPELINE Inc. Can Do


In such a multifaceted threat landscape, “continuous visibility” and “risk-based prioritization” are essential, in addition to individual countermeasures. PIPELINE Inc. (Unit Zero Threat Intelligence Team), a cyber threat intelligence firm specializing in the Asia-Pacific region, offers the following support:


① Visualization of Externally Exposed Assets (Attack Surface Management)

Continuously monitor the exposure of your company’s domains and IP ranges to the internet. Early detection of unintentionally exposed servers (e.g., ComfyUI-like servers), IoT devices, and unpatched Citrix systems.


② Risk-Based Prioritization

Identify high-risk assets specific to the manufacturing, logistics, and defense supply chains (e.g., GPU servers, OT/ICS, VPN endpoints) and clarify response priorities.


③ Continuous Monitoring and Real-Time Alerts

24/7 monitoring of IAB listings on the dark web, ransomware leak sites, phishing domains targeting Japan, and APT activity. Immediate notification of signs of secondary attacks related to ASKUL/NTT.


④ Operationally Focused Countermeasure Design and Threat Hunting

Security design that does not compromise on-site convenience (FIDO2 implementation support, OT network segmentation, EDR optimization). Proactive threat hunting conducted as needed.


⑤ Regular delivery of weekly and monthly “Japan Threat Digest” reports

We continuously deliver customized versions of this report tailored specifically to your company’s environment. We can also provide executive summaries for management.

PIPELINE’s services cover everything from “prevention” to “detection and response,” and we are particularly well-versed in regulatory compliance specific to Japanese companies (APPI, NISC reporting, MHLW notifications). Please contact us for details.
