Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Fujitsu Retires Tool Targeted by Threat Actors

Japanese tech giant Fujitsu has announced plans to retire the ProjectWEB project information sharing tool after it was targeted by threat actors earlier this year.

Designed to aid collaboration between teams, ProjectWEB is a tool that organizations can employ to share project data both within and outside of their environments.

Japanese tech giant Fujitsu has announced plans to retire the ProjectWEB project information sharing tool after it was targeted by threat actors earlier this year.

Designed to aid collaboration between teams, ProjectWEB is a tool that organizations can employ to share project data both within and outside of their environments.

In May 2021, ProjectWEB was the target of a cyberattack that resulted in threat actors compromising some information that Fujitsu’s customers were sharing within the application, including data from Japanese ministries.

The Japanese company stopped the service immediately and launched an investigation into the incident, which uncovered a series of vulnerabilities that adversaries could have used to gain access to the sharing tool.

“One of these was used to illegitimately obtain legitimate IDs and passwords to make unauthorized access to ProjectWEB in such a way that it appeared like an authorized user was accessing the tool through normal channels of authentication and communication,” the company says.

This week, Fujitsu announced that, after appointing a dedicated CISO on October 1, it decided to discontinue the vulnerable ProjectWEB and focus resources on developing a new tool to replace it.

“Fujitsu Limited will introduce a new project information sharing tool that addresses the issues raised by this incident with robust information security measures including those in line with zero-trust practices and will be migrating project management tasks to the new tool. As a result of the review, it was decided to discontinue the use of the existing information sharing tool,” the company announced.

For the time being, however, Fujitsu isn’t providing further information on the May security incident, as the results of its internal investigation are pending review by a committee of external experts.

The company is also consulting with the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) “to confirm the appropriateness of the investigation into the cause of this incident” and will share more on the matter once the reviews are completed.

Related: Japanese Ministries Confirm Impact from Fujitsu Data Breach

Related: Russia-Linked SolarWinds Hackers Continue Supply Chain Attack Rampage

Related: North Korean Hackers Targeting IT Supply Chain: Kaspersky

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.