Hackers Steal Employee and Corporate Information From Mitsubishi Electric

Personal and corporate information was stolen from electronics and electrical equipment manufacturing company Mitsubishi Electric during a data breach that occurred last year.

In a notice published on Monday, the Japanese company confirmed not only that its network was breached, but also that the attackers may have accessed some personal and confidential corporate information.

The manufacturer revealed that it discovered suspicious behavior on a system on June 28 last year, and that it immediately restricted external access.

The company says its internal investigation has confirmed that “sensitive information on social infrastructure such as defense, electric power, and railways, highly confidential technical information, and important information concerning business partners” hasn’t been stolen.

The company has also revealed that the attackers were careful enough to erase their tracks, which made the compromise difficult to detect on some systems.

Mitsubishi Electric estimates that the hackers exfiltrated around 200MB of data, including employment application information on 1,987 people, employee information on 4,566 people, and information on 1,569 retired employees of affiliated companies.

Confidential technical materials, sales materials, and other trade secrets might have been leaked as well, the company reported.

The manufacturer said it started sending notices of the data breach on January 20, and it is also informing customers about the potential leak of trade secrets. Authorities have been alerted as well.

To access the company’s network, the attackers apparently targeted a vulnerability in an anti-virus product before a patch was released.

According to Japanese newspapers, the attackers gained access to the company’s systems via hijacked email accounts, after initially compromising a China-based affiliate. The hackers had apparently compromised over 120 systems at 14 locations.

Asahi Shimbun reports that data on 10 public and government agencies was stolen during the attack, along with data on the Ministry of Defense, the Ministry of the Environment, the Cabinet Office, the Nuclear Regulatory Commission, and the Agency for Natural Resources and Energy.

The attack is supposedly the work of China-linked hacking group Tick, which has been known to target large companies through their Chinese subsidiaries. Over the past few years, the threat actor has targeted various organizations in Japan and South Korea.

“While the type of data breached is unclear, knowing that Mitsubishi Electric is a top contractor for Japan’s military and infrastructure, this breach is especially concerning. Enterprises and organizations that regularly handle sensitive and confidential data must understand the serious risks associated with a breach of that information and leverage Zero Trust security strategies, where organizations ‘never trust, but always verify’ entities outside and inside their network,” Ben Goodman, CISSP and SVP of global business and corporate development at ForgeRock, told SecurityWeek in an emailed comment.

“To avoid a fate similar to that of Mitsubishi Electric, companies must understand the importance of security solutions that provide full visibility and control over their data. In other words, they must implement tools that detect and remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information,” Anurag Kahol, CTO of Bitglass, commented via email.

Related: Don’t Fall Victim to IP Theft and Corporate Espionage

Related: China-linked Hackers Targeting Air-Gapped Systems: Report