According to local Japanese media, defense information and nuclear power plant design and safety plans were taken during the attack on Mitsubishi Heavy Industries, which was discovered in August, and disclosed in September.
Japan’s largest defense contractor said in August that it “would continue to strengthen” existing security measures, but believed that it had contained the cyber attack.
In October however, the company changed its tune some, admitting “the company recently confirmed unintended transferring of some information on the company’s products and technologies between servers within the company.”
Asahi Shimbun is reporting that upon further investigation, Mitsubishi has evidence that not only was data moved around within the company, but the computers at other locations show positive signs that information related to fighter jets and details of nuclear plaint design, equipment, and anti-earthquake measures were taken.
When the scale of the attack was made public, it was disclosed that 83 computers at MHI were compromised, spread out over eleven different locations. Included in the list of locations were the Kobe and Nagasaki shipyards (submarines and destroyers), and the facility in Nagoya, which was developing a guided missile system.
The company, as well as other Japanese and US officials, say that the evidence strongly points to an attack from a nation state, naturally suggesting China. The Communist nation has denied these claims. In September, Mitsubishi Heavy Industries told SecurityWeek that it had no clues as to who was behind the attacks.
Suggested Reading: Breach Forensics: Keeping Things from Going from Bad to Worse
In related news, supporting the suspicion of China’s role in the MHI attack, comes the story that around the same time Japan’s defense industry was targeted, law makers were being monitored.
According to reports, and confirmation from senior officials, the usernames and passwords of some 480 members and staff in the Japanese Parliament’s Lower House were compromised for at least a month before the intrusion was discovered. The destination of the harvested credentials was a server in China.
The company manufactures many weapons systems and aircraft including Patriot missiles, under license from Raytheon, F-15J Fighter Jets, under license from Boeing, and several other guided weapons systems.
Related Reading:
Lockheed Martin Acknowledges “Tenacious” Cyber Attack
Three Lessons from the RSA Hack, from a Customer’s Perspective
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
