Mitsubishi Heavy Industries attack puts Japan's defence contractors on alert
Viruses have been found on more than 80 computers and servers belonging to a Japanese weapons contractor.
Mitsubishi Heavy Industries (MHI) said it was the victim of a cyber attack which, according to media reports, targeted data on missiles, submarines and nuclear power plants.
BBC News reported that MHI was hit by targeted spear phishing attacks that are believed to have originated outside the company's computer network. One Japanese newspaper also reported that Chinese-language script was detected in the attack.
Jason Hart, CEO of CryptoCard, said: “Spear phishing is an unsophisticated form of attack, but by targeting what remains the chink in any organisation's security policy (static passwords), it is highly effective.
“Invariably employees use the same password to access applications across the corporate network because it is easy for them to remember. This represents a serious weakness, as once hackers have this, they can go anywhere and access any data they want to help themselves to.”
According to Reuters, the US has expressed concern about the attacks, with some speculation that they may have included the Stuxnet worm, although MHI has said that its investigation found eight viruses, none of which was Stuxnet.
It also claimed that a second Japanese military contractor, IHI Corp, which builds engine parts for fighter planes, had been sent suspicious emails, about which it had informed the police. Kawasaki Heavy Industries, a producer of planes, helicopters and rocket systems, confirmed that it had also been receiving "virus-tainted" emails.
Catalin Cosoi, head of the online threats lab at Bitdefender, said the MHI attack marks a variation from past high-profile attacks on defence contractors in its use of targeted malware.
He said: “This attack is a bit more sophisticated than similar high-profile incidents that we've seen in recent months. It used targeted malware to breach a military contractor, apparently to extract classified data.
“The main reason people are pointing fingers at China is that it was accused of involvement in previous similar attacks. The attackers could also be engineering the attacks to make China look like the culprit. It's also possible that the attacks were carried out with some inside knowledge, perhaps gained by duping an employee into granting access to sensitive information.”
Aleks Gostev, chief security expert at Kaspersky Lab, doubted that this was the first such attack on a Japanese company, as data shows that Japan's corporations have long been the target of regular cyber attacks, with defence contractors a popular target.
“If such an attack is detected, the targeted company does its utmost to avoid the incident being made public. This is justified in a number of cases when it is possible to play along with the attackers and feed them false data. The fact that the attack on Mitsubishi has become public knowledge most probably means that the situation is very serious and the attack has possibly continued for some time,” he said.
“According to our information, during the attack the company's computers were infected by eight different malicious programs, including keyloggers and remote access Trojans. These programs and the objects that were attacked clearly show that the aim of the attackers was to steal information.
“The company's own specialists, as well as the Japanese agency for combating cyber attacks, have already said that a leak of confidential data has in fact taken place.”