Japanese companies, Pasco Corp. and Kobe Steel, rendering services to the Japanese armed forces, disclosed a possible data breach that took place in May 2018 and June 2015, followed by a second attempt in August 2016, respectively.
Pasco Corp. is an aerial image surveillance provider and has tie-ups with the Japanese Ministry of Defense for delivering latest satellite images to monitor the work and progress at various defense bases and other locations. As far as Kobe Steel is concerned, it manufactures underwater launch tubes for Japanese submarines and provides critical submarine spare-parts for the Japan Self-Defense Forces (SDF). Therefore, an attempt of intrusion or data breach by threat actors in both cases is thought to be targeted directly at acquiring defense secrets of the country.
Was Data Breached or Not?
Both, Pasco and Kobe Steel’s official statements said that no damage has been done in either of the data breach attempts as no information leakage had been discovered so far during the joint investigations carried out by the Ministry of Defense and various government and state authorities. However, a report from Nikkei stated that 250 files containing information related to the Ministry of Defense and personally identifiable information (PII) of certain stakeholders were compromised during one of the cyberattacks.
Defense Minister Taro Kono revealed these cyberattacks on defense-related companies in a press conference held on January 31, 2020.. He said, “No secret has been leaked by the Ministry of Defense. I think it (data breach) should be publicly disclosed. It is necessary to get the world to know and think about (cyber) defenses.”
The NEC and Mitsubishi Data Breaches
The other two companies that reported of possible data breaches targeting Japan’s defense secrets were NEC and Mitsubishi. On January 31, 2020, NEC, in a brief statement, accepted the data breach and stated that its network was penetrated and compromised to a cyberattack that was launched in December 2016. The attack was spotted in June 2017, following which all unauthorized communications detected were blocked by the IT teams. The encrypted communication information between the compromised server and the external exfiltration server was finally decrypted in July 2018 and it was found that the defense business division’s 27,445 files were accessed illegally.
Cyberattack on Mitsubishi
A week earlier in January 2020, a Japanese electronics manufacturer, Mitsubishi Electric confirmed that it was hit by a cyberattack in June 2019. The Tokyo-based firm released a notice detailing the data leak in the wake of two news stories published recently by Asahi Shimbun and Nikkei.
According to the internal investigation, which began in September 2019, the security incident compromised the information of Mitsubishi’s public and private business partners, defense-related details, and data on critical social infrastructure like electricity and railways. It’s believed that intruders managed to access computers, servers, and company sites, including details on the company’s joint projects, negotiations, research documents, and data of government organizations like the Ministry of Defense, the Nuclear Regulation Authority, and the Agency for Natural Resources and Energy.
