Japanese eyeglass lens maker Hoya Corp. was hit by a cyberattack at its key production base in Thailand in late February, leading to a partial shutdown of its factory lines for three days, company officials said Saturday.

About 100 computers were infected with a virus that steals user IDs and passwords, which the company believes was a precursor to spreading another virus to enable the unauthorized use of its computers for cryptocurrency mining. The company says it prevented the second phase of the attack.


In a process called mining, digital currency is awarded to individuals and groups that leverage their computer processing power to perform complex mathematical calculations necessary to maintain and validate the currency's transaction history.

As the value of cryptocurrencies has risen from 2017, there has been a notable increase in illicit mining cases. With currency prices now falling, however, the number of cases is in decline although they are still being detected and being carried out in more sophisticated ways.

In Hoya's case, a computer server controlling the network slowed down on March 1 and workers were no longer able to use software to manage orders and production. Output at two factories dropped to around 40 percent of normal levels.

The company officials said that a heavy load had been placed on the server as the initial virus continued to find its way to other computers.

Computers in Japan that were connected to the network were also affected, disrupting the issuing of invoices. No data leak has been detected, the officials said.

As the factories in Thailand operate around the clock, Hoya had yet to fully recover from the production delay caused by the cyberattack as of the end of March.

But an official said the cyberattack will have "little" impact on business.

The company has not made public how many lenses are produced at the factories.