Toyota restarts production after cyberattack halt

Motor giant had shut down 14 Japanese plants after attack on key supplier

Toyota’s Tsutsumi car assembly plant in Toyota, near Nagoya, central Japan, which was among those shut down on Tuesday following a cyberattack on a key supplier. Photograph: Franck Robichon/EPA

Toyota will restart domestic production from Wednesday after a cyberattack on a supplier ground the motor giant's factories to a halt, sparking concerns about vulnerability in Japan Inc's supply chain.

No information was available about who was behind the attack, nor the motive. It came just after Japan joined Western allies in clamping down on Russia in response to the invasion of Ukraine, although it was unclear whether the attack was related.

Cybersecurity has emerged as a key area of concern in Japan, where government critics say responses to hacking threats have been hampered by a fractured approach. An attack on a hitherto obscure supplier was enough to bring one of the world’s mightiest manufacturers to a domestic standstill.

Toyota’s production lines will be switched back on at its 14 factories across Japan on Wednesday, the company said in a statement. Tuesday’s suspension hit output of around 13,000 vehicles.


Japanese factories account for about a third of Toyota's production. The shutdown included some plants operated by Toyota-affiliated Hino Motors and Daihatsu Motor.

Plastic parts

Kojima Industries, which provides plastic parts and electronic components to the automaker, said it had discovered an error at one of its file servers on Saturday. After rebooting the server, it confirmed it had been infected with a virus, and found a threatening message, it said in a separate statement.

The message was written in English, a Kojima spokesperson told Reuters, but declined to give further details.

The system failure at Kojima meant the supplier was unable to ship parts, forcing Toyota, which does not stockpile components at its plants, to pause production, a Toyota spokesperson said.

The incident hinders Toyota’s efforts to return to full production following factory halts in January and February because of chip shortages and Covid-related disruptions.

Toyota, which had been relatively resilient to supply chain snags through most of the pandemic, has been trying to ramp up production to make up for lost output and meet soaring global demand for new vehicles.


Japanese government ministers said they were following the incident closely. While big companies have cybersecurity measures in place, the government is worried about small or mid-level subcontractors, the industry minister, Koichi Hagiuda, told reporters on Tuesday.

Reports of the powerful malware Emotet being used have increased since the first week of February 2022, according to the Japan computer emergency response team/coordination centre, which provides information on cybersecurity.

Emotet is used to gain access to a victim’s computer and then download additional malicious software, such as programs designed to steal banking passwords, or ransomware, which can lock a computer until an extortion fee is paid.

It was not clear whether Emotet was used on the Toyota supplier. Toyota declined to comment on whether it had detected early signs of a potential cyberattack or whether Emotet was responsible for paralysing its operation.

Kojima only supplies to Toyota and is a top-tier supplier of some parts, and a second-tier supplier of others, the Kojima spokesperson said. Toyota’s operations in Japan encompass a supply chain of 60,000 companies across four tiers.

Toyota said it would be able to resume operation by tapping into a back-up network between it and the supplier. It would take a week or two to fully restore the system, it said.

Toyota shares finished flat on Tuesday, underperforming a 1.2 per cent gain in the broader market. – Reuters / Bloomberg