Japanese defense contractors Pasco and Kobe Steel this week disclosed cyber intrusions they suffered back in 2016 and 2018.
Pasco is Japan’s largest geospatial service provider and Kobe Steel is a major steel manufacturer. The two companies disclosed the breaches after Japan’s Ministry of Defense announced last week that two unnamed contractors, in addition to Mitsubishi Electric and NEC, had been targeted in cyberattacks.
Both companies and the Ministry of Defense said that no classified government information was compromised. Pasco also said it had not found any evidence that personal or business information had been exfiltrated, but in Kobe’s case some files may have been stolen.
Kobe said it first identified unauthorized access to its network in August 2016 and again in June 2017 while it was implementing new security measures. Pasco revealed that it had detected a hacker attack in May 2018.
Mitsubishi Electric reported in January that it discovered a breach in June 2019. The attack impacted both employee and corporate data and resulted in the theft of technical and sales materials, and trade secrets.
It has been reported that the attack on Mitsubishi Electric involved exploitation of a vulnerability in Trend Micro’s OfficeScan product. The flaw, tracked as CVE-2019-18187, has been described as an arbitrary file upload issue that could lead to remote code execution. In an advisory published in October 2019, Trend Micro warned that the vulnerability had been exploited in the wild.
In the case of NEC, the company said last month that the initial intrusion occurred sometime after December 2016, but it was only discovered in July 2017. More evidence of a breach was discovered in July 2018.
NEC said the attackers gained access to tens of thousands of files, but it had found no evidence that information was leaked.
The attacks on Mitsubishi Electric, NEC and Pasco are believed to have been carried out by Chinese hackers.
Related: China-Linked Group Uses New Malware in Japan Attacks
Related: EU-Japan Deal to Protect Data Exchanges Takes Effect
Related: Japan Firm Says $32 Million Missing in Cryptocurrency Hack
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Government Shutdown Could Bench 80% of CISA Staff
- Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
- macOS 14 Sonoma Patches 60 Vulnerabilities
- New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
- Microsoft Adding New Security Features to Windows 11
- Sony Investigating After Hackers Offer to Sell Stolen Data
- 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
Latest News
- Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Government Shutdown Could Bench 80% of CISA Staff
- Moving From Qualitative to Quantitative Cyber Risk Modeling
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
- Sysdig Launches Realtime Attack Graph for Cloud Environments
