According to local Japanese media, defense information and nuclear power plant design and safety plans were taken during the attack on Mitsubishi Heavy Industries, which was discovered in August, and disclosed in September.
Japan’s largest defense contractor said in August that it “would continue to strengthen” existing security measures, but believed that it had contained the cyber attack.
In October however, the company changed its tune some, admitting “the company recently confirmed unintended transferring of some information on the company’s products and technologies between servers within the company.”
Asahi Shimbun is reporting that upon further investigation, Mitsubishi has evidence that not only was data moved around within the company, but the computers at other locations show positive signs that information related to fighter jets and details of nuclear plaint design, equipment, and anti-earthquake measures were taken.
When the scale of the attack was made public, it was disclosed that 83 computers at MHI were compromised, spread out over eleven different locations. Included in the list of locations were the Kobe and Nagasaki shipyards (submarines and destroyers), and the facility in Nagoya, which was developing a guided missile system.
The company, as well as other Japanese and US officials, say that the evidence strongly points to an attack from a nation state, naturally suggesting China. The Communist nation has denied these claims. In September, Mitsubishi Heavy Industries told SecurityWeek that it had no clues as to who was behind the attacks.
Suggested Reading: Breach Forensics: Keeping Things from Going from Bad to Worse
In related news, supporting the suspicion of China’s role in the MHI attack, comes the story that around the same time Japan’s defense industry was targeted, law makers were being monitored.
According to reports, and confirmation from senior officials, the usernames and passwords of some 480 members and staff in the Japanese Parliament’s Lower House were compromised for at least a month before the intrusion was discovered. The destination of the harvested credentials was a server in China.
The company manufactures many weapons systems and aircraft including Patriot missiles, under license from Raytheon, F-15J Fighter Jets, under license from Boeing, and several other guided weapons systems.
Related Reading:
Lockheed Martin Acknowledges “Tenacious” Cyber Attack
Three Lessons from the RSA Hack, from a Customer’s Perspective
