Security Experts:

Connect with us

Hi, what are you looking for?



Japanese Defense Contractors Pasco, Kobe Steel Disclose Old Breaches

Japanese defense contractors Pasco and Kobe Steel this week disclosed cyber intrusions they suffered back in 2016 and 2018.

Japanese defense contractors Pasco and Kobe Steel this week disclosed cyber intrusions they suffered back in 2016 and 2018.

Pasco is Japan’s largest geospatial service provider and Kobe Steel is a major steel manufacturer. The two companies disclosed the breaches after Japan’s Ministry of Defense announced last week that two unnamed contractors, in addition to Mitsubishi Electric and NEC, had been targeted in cyberattacks.

Both companies and the Ministry of Defense said that no classified government information was compromised. Pasco also said it had not found any evidence that personal or business information had been exfiltrated, but in Kobe’s case some files may have been stolen.

Kobe said it first identified unauthorized access to its network in August 2016 and again in June 2017 while it was implementing new security measures. Pasco revealed that it had detected a hacker attack in May 2018.

Mitsubishi Electric reported in January that it discovered a breach in June 2019. The attack impacted both employee and corporate data and resulted in the theft of technical and sales materials, and trade secrets.

It has been reported that the attack on Mitsubishi Electric involved exploitation of a vulnerability in Trend Micro’s OfficeScan product. The flaw, tracked as CVE-2019-18187, has been described as an arbitrary file upload issue that could lead to remote code execution. In an advisory published in October 2019, Trend Micro warned that the vulnerability had been exploited in the wild.

In the case of NEC, the company said last month that the initial intrusion occurred sometime after December 2016, but it was only discovered in July 2017. More evidence of a breach was discovered in July 2018.

NEC said the attackers gained access to tens of thousands of files, but it had found no evidence that information was leaked.

The attacks on Mitsubishi Electric, NEC and Pasco are believed to have been carried out by Chinese hackers.

Related: China-Linked Group Uses New Malware in Japan Attacks

Related: EU-Japan Deal to Protect Data Exchanges Takes Effect

Related: Japan Firm Says $32 Million Missing in Cryptocurrency Hack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.