Toyota’s just in time manufacturing faced with disruptive cyberattack

Toyota’s just in time manufacturing faced with disruptive cyberattack

Toyota suspended the operation of 28 lines at 14 plants in Japan on Tuesday, March 1, after a cyberattack on supplier Kojima Industries Corp. Some plants operated by Toyota’s affiliates Hino Motors and Daihatsu are included in the shutdown.

Hino suspended all operations at its Koga facility, which manufactures large and midsize trucks for export and domestic sale, and its Hamura plant, which makes small trucks and handles production for Toyota. The shutdown also includes a Daihatsu plant in Kyoto Prefecture.


Kojima is a business partner of the Toyota Motor Corporation that manufactures interior and exterior automotive components. For Toyota, Kojima is a domestic supplier of plastic parts and electronic components.

Toyota said it expects to be able to resume all operations from the first shift today, March 2.

In a statementabout the production halt, Toyota said:

“We will also continue to work with our suppliers in strengthening the supply chain and make every effort to deliver vehicles to our customers as soon as possible.”

Toyota went on to apologize to its customers, suppliers, and other related parties for any inconvenience caused by the sudden shutdown.


This is the second blow to Toyota production this year. Earlier in February it saw some of its production stopped in North America due to parts shortages caused by the Canadian trucker protests. And this while it is already tackling supply chain disruptions around the world caused by the Covid pandemic, which has forced Toyota and other carmakers to curb output.

Just-in-time delivery systems provide goods as orders come in, allowing for a lean, at-need production process with little to no surplus. But as we’ve learned from the pandemic, these types of systems are vulnerable to sudden peaks in demand, as well as disruptions in the supply chains. Depleting supply chains has already hit several industries, especially at the beginning of the pandemic.

To western style economies, a continuous flow of goods and components is of the utmost importance. We regard transport and logistics as vital infrastructurefor compelling reasons. Many of our factories depend on components made on the other side of the globe. But as we can see from the example at hand, even a disruption at a domestic supplier can stop the production lines.

Many of the roughly 400 tier one suppliers that Toyota deals with directly are connected to the automaker’s just-in-time production control system, which allowed the problems at Kojima Industries to spill over to Toyota. The automaker says it halted production to prevent longer-term damage, and prioritized inspection and recovery of the system.

The attack

Kojima said it was still investigating the origin of the cyberattack, the specific malware involved and the damage caused. Toyota representatives and cybersecurity experts are at Kojima Industries to determine the cause and how to restore the system. As of the time of this writing, the website for Kojima Industries is not online.

Needless to say speculation is rampant, but without further information about the nature of the attack, it is near impossible to tell whether this attack can be linked to any ongoing cyberattacks related to the situation in the Ukraine, or whether it is the result of a run-of-the-mill ransomware attack.

Prime Minister Fumio Kishida said that it was premature for anyone to tie the cyberattack to Japan’s decision to send $100 million in aid to Ukraine and sanction officials from Russia. The Japanese government is working to confirm the situation while law enforcement is looking into the matter.

Stay safe, everyone!


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.