Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Defense and Nuclear Information Targeted in Mitsubishi Attack

According to local Japanese media, defense information and nuclear power plant design and safety plans were taken during the attack on Mitsubishi Heavy Industries, which was discovered in August, and disclosed in September.

Japan’s largest defense contractor said in August that it “would continue to strengthen” existing security measures, but believed that it had contained the cyber attack.

According to local Japanese media, defense information and nuclear power plant design and safety plans were taken during the attack on Mitsubishi Heavy Industries, which was discovered in August, and disclosed in September.

Japan’s largest defense contractor said in August that it “would continue to strengthen” existing security measures, but believed that it had contained the cyber attack.

In October however, the company changed its tune some, admitting “the company recently confirmed unintended transferring of some information on the company’s products and technologies between servers within the company.”

Asahi Shimbun is reporting that upon further investigation, Mitsubishi has evidence that not only was data moved around within the company, but the computers at other locations show positive signs that information related to fighter jets and details of nuclear plaint design, equipment, and anti-earthquake measures were taken.

When the scale of the attack was made public, it was disclosed that 83 computers at MHI were compromised, spread out over eleven different locations. Included in the list of locations were the Kobe and Nagasaki shipyards (submarines and destroyers), and the facility in Nagoya, which was developing a guided missile system.

The company, as well as other Japanese and US officials, say that the evidence strongly points to an attack from a nation state, naturally suggesting China. The Communist nation has denied these claims. In September, Mitsubishi Heavy Industries told SecurityWeek that it had no clues as to who was behind the attacks.

Suggested Reading: Breach Forensics: Keeping Things from Going from Bad to Worse

In related news, supporting the suspicion of China’s role in the MHI attack, comes the story that around the same time Japan’s defense industry was targeted, law makers were being monitored.

According to reports, and confirmation from senior officials, the usernames and passwords of some 480 members and staff in the Japanese Parliament’s Lower House were compromised for at least a month before the intrusion was discovered. The destination of the harvested credentials was a server in China.

The company manufactures many weapons systems and aircraft including Patriot missiles, under license from Raytheon, F-15J Fighter Jets, under license from Boeing, and several other guided weapons systems.

Related Reading:

Lockheed Martin Acknowledges “Tenacious” Cyber Attack

Three Lessons from the RSA Hack, from a Customer’s Perspective

Foreign Cyber Attack Hits Canadian Government

Guerilla Cyber Warfare: Are We Thinking Defensively?

Written By

Click to comment

Expert Insights

Related Content

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

ICS/OT

Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

ICS/OT

The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.

Data Protection

Artificial intelligence is more artificial than intelligent.

Incident Response

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations...