Home · Briefs · CTI Daily Brief — 2026-07-01
Blackfield ransomware demands $2M from Nidec's Taiwanese subsidiary after a 22 June server compromise
From CTI Daily Brief — 2026-07-01 · published 2026-07-01
Nidec Corporation's own investor-relations disclosure (2026-06-24, Tokyo Stock Exchange 6594) confirmed that its Taiwanese subsidiary Nidec Chaun Choung Technology suffered "ransomware-originated damage" to part of a subsidiary server on 2026-06-22, that the affected server and network were shut down as an emergency measure, and that the subsidiary runs an independent network isolated from the wider Nidec Group so parent operations are unaffected (Nidec Corporation, 2026-06-24). The in-window development: BleepingComputer reported on 2026-06-30 that the Blackfield ransomware crew claims the intrusion, is demanding $2 million to delete allegedly stolen data with a 15-day negotiation deadline, and is separately advertising the archive for immediate sale (BleepingComputer, 2026-06-30). Note the gap between the actor's exfiltration claim and Nidec's own statement, which as of 2026-06-24 says no personal or confidential data had been confirmed leaked — Blackfield claims data theft; Nidec has not confirmed a leak.
Why it matters to us: subsidiary/OT-adjacent segmentation is doing its job here (isolated subsidiary network limited blast radius) — a concrete counter-example worth citing when arguing for network isolation of acquired-company and regional-subsidiary estates. Attribute the extortion claim, not confirmed exfiltration.