Mitsubishi Heavy Industries attack puts Japan's defence contractors on alert

Viruses have been found on more than 80 computers and servers belonging to a Japanese weapons contractor.

According to media reports, Mitsubishi Heavy Industries (MHI) said it was the victim of a cyber attack reportedly targeting data on missiles, submarines and nuclear power plants.

BBC News reported that MHI was hit by targeted spear phishing attacks that are believed to have originated outside the company's computer network. One Japanese newspaper also reported that Chinese-language script was detected in the attack.

Jason Hart, CEO of CryptoCard, said: “Spear phishing is an unsophisticated form of attack, but by targeting what remains the chink in any organisation's security policy (static passwords), it is highly effective.

“Invariably employees use the same password to access applications across the corporate network because it is easy for them to remember. This represents a serious weakness, as once hackers have this, they can go anywhere and access any data they want to help themselves to.”

According to Reuters, the US has expressed concern about the attacks, with some speculation that they may have included the Stuxnet worm, although MHI has said that its investigation found eight viruses, none of which was Stuxnet.

It also claimed that a second Japanese military contractor, IHI Corp, which builds engine parts for fighter planes, had been sent suspicious emails, about which it had informed the police. Kawasaki Heavy Industries, a producer of planes, helicopters and rocket systems, confirmed that it had also been receiving "virus-tainted" emails.

Catalin Cosoi, head of the online threats lab at Bitdefender, said the MHI attack marks a variation from past high-profile attacks on defence contractors in its use of targeted malware.

He said: “This attack is a bit more sophisticated than similar high-profile incidents that we've seen in recent months. It used targeted malware to breach a military contractor, apparently to extract classified data.

“The main reason people are pointing fingers at China is that it was accused of involvement in previous similar attacks. The attackers could also be engineering the attacks to make China look like the culprit. It's also possible that the attacks were carried out with some inside knowledge, perhaps gained by duping an employee into granting access to sensitive information.”

Aleks Gostev, chief security expert at Kaspersky Lab, doubted that this was the first such attack on a Japanese company, as data shows that Japan's corporations have long been the target for regular cyber attacks, with defence contractors a popular target.

“If such an attack is detected, the targeted company does its utmost to avoid the incident being made public. This is justified in a number of cases when it is possible to play along with the attackers and feed them false data. The fact that the attack on Mitsubishi has become public knowledge most probably means that the situation is very serious and the attack has possibly continued for some time,” he said.

“According to our information, during the attack the company's computers were infected by eight different malicious programs, including keyloggers and remote access Trojans. These programs and the objects that were attacked clearly show that the aim of the attackers was to steal information.

“The company's own specialists, as well as the Japanese agency for combating cyber attacks, have already said that a leak of confidential data has in fact taken place.”
