The Japan Ministry of Defense recently announced that defense-related sensitive data may have been breached after the cyberattack on Mitsubishi Electric Corp., a major supplier of the country’s defense and infrastructure systems. According to the Ministry, information related to bidding for contracts on defense equipment research, including evaluation criteria and required performances may have leaked in the incident. It’s claimed that Mitsubishi converted the government’s paper documents into PDF files and kept them on its internal network, even though it was not permitted to do so.
The Ministry stated that it’s still investigating the potential data breach to find out whether it will have an impact on national security. Initially, Mitsubishi Electric denied the possibility of a data breach of defense and infrastructure information when it first reported a cyberattack in January 2020. However, after further investigation, the Tokyo-based firm confirmed that the defense ministry’s data was included in the breach. It’s said that Mitsubishi discovered the cyberattack in 2019, but did not disclose it to the public for more than half a year.
Breach Overview
Mitsubishi Electric released a notice on January 20, 2020, detailing the cyberattack that occurred in June 2019. According to the source, a Chinese hacking group tracked as “Tick” was likely behind the attack. It’s said that Tick was active for a long time and is known for stealing sensitive data from the defense, aerospace, chemical, and satellite industries in Japan and China.
The unauthorized access began with compromising computer systems in Mitsubishi’s office located in China and spread to Japan. The attackers used the compromised accounts to infiltrate into the company’s internal network and gained access to server systems that had sensitive information. It’s believed that intruders managed to access computers, servers, and company sites.
Other Cyberattacks that Targeted Japan’s Defense Secrets
On January 31, 2020, NEC Corp., a Japanese IT and electronics company, accepted a data breach and stated that its network was penetrated and compromised to a cyberattack that occurred in December 2016. The attack was spotted in June 2017, following which all unauthorized communications detected were blocked by the IT teams. The encrypted communication information between the compromised server and the external exfiltration server was finally decrypted in July 2018 and it was found that the defense business division’s 27,445 files were accessed illegally.
Recently, Pasco Corp. and Kobe Steel, rendering services to the Japanese armed forces, disclosed a possible data breach that occurred in June 2015, followed by a second attempt in August 2016.
Pasco Corp. is an aerial image surveillance provider and has tie-ups with the Japanese Ministry of Defense for delivering latest satellite images to monitor the work and progress at various defense bases and other locations. As far as Kobe Steel is concerned, it manufactures underwater launch tubes for Japanese submarines and provides critical submarine spare-parts for the Japan Self-Defense Forces (SDF). Therefore, an attempt of intrusion or data breach by threat actors in both cases is thought to be targeted directly at acquiring defense secrets of the country.