Data Breach at Nikkei (November 2025)

The Japanese media giant Nikkei Inc., owner of the Financial Times and of the well-known Nikkei 225 stock market index, has confirmed a security breach that affected 17,368 people, including employees and business partners. The incident, discovered in September 2025, originated when an employee's computer was infected with malware, which allowed attackers to steal the employee's login credentials and enter the company's internal Slack environment, the messaging platform used by the company.


Entry vectors and attack technique

The initial vector was malware on the employee's personal computer, which stole legitimate authentication credentials. With these, the attackers infiltrated Nikkei's enterprise Slack and gained seemingly legitimate access to the network, a tactic that is difficult to detect with a SIEM or traditional antivirus, since the connections appeared to be authorized. This type of attack fits the pattern of credential compromise combined with silent lateral movement.
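A login with stolen credentials is valid, so detection has to look at the context around it. The following is an added example, not from the original article or from Nikkei's investigation: it baselines each user's country, ISP and client from access-log records and flags valid sessions from a context never seen before. The records are constructed, with field names modeled on Slack's `team.accessLogs` output; `BASELINE_END`, `rec` and the function names are assumptions for illustration.

```python
from collections import defaultdict

FIELDS = ("country", "isp", "user_agent")
BASELINE_END = 1756684800  # assumption: 2025-09-01 UTC; earlier entries are trusted history

def rec(user_id, ts, ip, country, isp, user_agent):
    return {"user_id": user_id, "date_first": ts, "ip": ip,
            "country": country, "isp": isp, "user_agent": user_agent}

# Constructed sample data; field names modeled on Slack's team.accessLogs output.
ACCESS_LOGS = [
    rec("U01", 1754000000, "203.0.113.10", "JP", "Example Telecom JP", "Slack/4.40 (Windows)"),
    rec("U02", 1754500000, "203.0.113.90", "JP", "Example Mobile JP", "Slack/4.40 (macOS)"),
    rec("U01", 1757000000, "203.0.113.77", "JP", "Example Telecom JP", "Slack/4.40 (Windows)"),
    rec("U01", 1757100000, "198.51.100.23", "NL", "Example Hosting BV", "Mozilla/5.0 (X11; Linux x86_64)"),
    rec("U02", 1757200000, "203.0.113.91", "JP", "Example Mobile JP", "Slack/4.40 (macOS)"),
    rec("U03", 1757300000, "192.0.2.5", "JP", "Example Telecom JP", "Slack/4.40 (Windows)"),
]

def fingerprint(entry):
    """Network and client context, which a stolen password does not bring along."""
    return tuple(entry[f] for f in FIELDS)

def find_new_context_logins(logs, baseline_end=BASELINE_END):
    """Flag post-baseline entries whose context was never seen for that user."""
    known = defaultdict(set)
    for e in logs:
        if e["date_first"] < baseline_end:
            known[e["user_id"]].add(fingerprint(e))
    alerts = []
    for e in sorted(logs, key=lambda e: e["date_first"]):
        seen = known[e["user_id"]]
        fp = fingerprint(e)
        if e["date_first"] < baseline_end or fp in seen:
            continue
        # Fields carrying a value never seen for this user (empty = new combination).
        changed = [f for i, f in enumerate(FIELDS) if fp[i] not in {k[i] for k in seen}]
        alerts.append({"user_id": e["user_id"], "ip": e["ip"], "changed": changed,
                       "reason": "new_context" if seen else "no_baseline"})
        seen.add(fp)  # alert once per new context, not on every repeat
    return alerts

if __name__ == "__main__":
    for alert in find_new_context_logins(ACCESS_LOGS):
        print(alert)
```

A client update changes `user_agent` on its own, so alerts whose `changed` list holds only that field rank below those where `country` and `isp` change together.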

Details and compromised data

The exposure of names, e-mail addresses and Slack chat history belonging to more than 17,000 users was confirmed. Although no journalistic sources or editorial information were compromised, the stolen data has high value for spearphishing campaigns or corporate espionage. Nikkei reported the incident voluntarily to Japan's Personal Information Protection Commission, despite not being legally required to do so.

Context and historical background

This is not the first time that Nikkei has faced a serious incident. In 2019 it lost US$29 million in a Business Email Compromise (BEC) attack, and in 2022 its subsidiary in Singapore suffered a ransomware attack. This new event confirms a trend of persistent attacks against large media organizations in the APAC region, such as the one against Tech in Asia in 2024, which compromised the data of 221,000 users.

How can Amber Solutions help?

This type of data breach shows the importance of a comprehensive approach to cybersecurity that is both defensive and proactive. At Amber Solutions we recommend the following services:

  • Pentesting and Red Teaming to identify possible vectors such as malware and uncontrolled remote access.
  • Threat hunting and digital forensic analysis to detect anomalous post-infection behavior.
  • Training in social engineering and credential management to reduce human risk.
  • Implementation of advanced EDR/NDR solutions to detect suspicious activity inside encrypted traffic.

At Amber Solutions, we know that each breach is an opportunity to strengthen defenses, and we support organizations in preventing the exploitation of vulnerabilities before attackers act.
