Japan’s Kawasaki Heavy Industries has confirmed a security breach after unknown threat actors illicitly obtained access to its internal networks by exploiting servers located overseas. The authorities stated that some critical information may have been exposed to third-party vendors.
“The company has found no evidence of leaking information to the external network. However, due to the fact that the scope of unauthorized access spanned multiple domestic and overseas offices, it took a considerable amount of time until the company can formally announce the incident. We sincerely apologize for this delay and the inconvenience and concern to customers and other related parties,” Kawasaki said in an official statement.
What Happened?
Kawasaki discovered unauthorized parties accessing its server in Japan from its Thailand’s office on June 11, 2020. The communication between the overseas servers was immediately terminated as a precautionary measure. Kawasaki also discovered unauthorized access from overseas offices located in Indonesia, the U.S., and the Philippines. “We have therefore enhanced monitoring operations to accesses from overseas offices and tightened access restrictions to block unauthorized accesses,” Kawasaki said.
Threat Summary
June 11 – Kawasaki identified unauthorized access from an overseas office in Thailand by an internal system audit of the Japan office.
June 15 – Kawasaki confirmed a possibility of a data breach to external parties.
June 16 – Confirmed unauthorized access from the overseas office in Thailand to multiple servers in the Japan data center.
June 24 – Confirmed unauthorized accesses from other overseas offices in Indonesia and the Philippines to the Japan office.
July 8 – Discovered suspicious activity from overseas office in the U.S to the Japan office.
August 3 – Kawasaki implements enhanced network communication restrictions at all overseas offices.
October 5 – Performed a thorough security soundness inspection of approximately 3,000 terminals in overseas offices network, where breaches possibly occurred.
October 30 – Confirmed by continuous network monitoring that no further unauthorized access to the Japan office occurred after August.
November 30 – Restored the network communication that was terminated between overseas offices and the Japan office.
December 21 – Continued monitoring of network traffic after resuming the connection of the restricted overseas offices.
What’s the Impact?
Kawasaki Heavy Industries is a multinational organization that produces a range of consumer products, including motorcycles, marine craft, and heavy industrial equipment for the energy, automotive, aerospace, and defense sectors. Since the company handles critical data and social infrastructure-related information, the recent data breach seems to be the top concern, as cybercriminals could exploit the sensitive data for their advantage.
Kawasaki stated that it informed the affected customers of the security incident. The company is also strengthening access control in communication networks between the overseas and domestic offices to prevent a recurrence.
