NEC Defense Contracts Info Potentially Compromised in Breach

Update: NEC confirmed the security breach of its defense business division in an official statement; see the update at the end of this article for more details.


Japanese electronics giant NEC was the target of a cyberattack that resulted in unauthorized access to its internal network on Thursday, according to information leaked to Japanese newspapers by sources close to the matter.

NEC is a major contractor for Japan's defense industry, engaged in various defense equipment projects with the Japan Self-Defense Forces (JGSDF or Jieitai), including but not limited to 3D radar and broadband multipurpose radio systems, and may have leaked relevant information.

While NEC hasn't yet released any official statements regarding this incident, roughly 28,000 files were found by the company on one of the compromised servers according to reports, some of them containing defense equipment info such as submarine sensors.

NEC said that it has routinely discovered attempts to gain unauthorized access to its internal network, but also explained that there is no evidence that info has been leaked or has been damaged so far.

NEC's Public Relations Office also told the NHK, the Asahi Shimbun, and Kyodo News that an information leak is possible given the lack of evidence.

"We have not confirmed any damage such as information leaks so far. However, it cannot be said that it has not leaked," NEC said.

However, according to Nikkei, the Japanese Ministry of Defense said that the exposed files contained "information on contracts with NEC, not defense secrets, and there is no impact on Japan's defense system."

BleepingComputer has reached out to NEC for more details regarding the incident but had not heard back at the time of this publication.

Mitsubishi Electric also breached

The reports come 10 days after the security breach disclosed by Mitsubishi Electric on January 20 that might have also led to a personal and confidential corporate information leak.

"On June 28, last year, a suspicious behavior was detected and investigated on a terminal in our company, and as a result of unauthorized access by a third party, data was transmitted to the outside," Mitsubishi Electric said.

The breach started after Chinese affiliates were compromised and it then spread to the company's internal network per an Asahi Shimbun report that prompted Mitsubishi Electric's disclosure.

"The hijacked account was used to gain infiltration into the company's internal network, and continued to gain unauthorized access to middle-managed PCs who had extensive access to sensitive information," the report says.

Chinese hackers suspected as Mitsubishi attack operators

"According to people involved, Chinese hackers Tick may have been involved," Nikkei said at the time. "According to the company, at least tens of PCs and servers in Japan and overseas have been found to have been compromised."

Tick (also known as Bronze Butler and REDBALDKNIGHT) is a cyber-espionage group known for primarily targeting Japanese entities from various sectors ranging from international relations and manufacturing to critical infrastructure and heavy industry organizations.

The group's main goal is to siphon confidential corporate info and intellectual property after compromising enterprise servers by exploiting various zero-day vulnerabilities and launching spearphishing attacks.

Tick also commonly wipes all evidence from compromised computers to hinder investigations after their operations are discovered.


Update January 30, 19:20 EST: NEC confirmed the security breach of its defense business division in a press release issued today, "27,445 files were found to have been accessed illegally" in July 2018 (h/t piyokango):

NEC has confirmed that some of the internal servers used by the Company's defense business unit have been subject to unauthorized access by third parties. As a result of investigations conducted by the Company and external specialized organizations, no damage such as information leakage has been confirmed so far.

The NEC Group has implemented measures such as the introduction of an unknown malware detection system, but was unable to detect the initial penetration of attacks launched after December 2016 and the early spread of internal infections.

In June 2017, as a result of checking for the occurrence of communication patterns described in a security company's threat report, it was confirmed that unauthorized communication was being performed from internal PCs; the infected PCs were isolated and investigated, and the unauthorized communication destinations were detected and blocked. In July 2018, we succeeded in decrypting encrypted communication with an infected server and an external server that was performing unauthorized communication, and 27,445 files stored on an internal server used by our defense business division for information sharing with other departments were found to have been accessed illegally.

As a result of investigation by the Company and external specialized organizations, no damage such as information leakage has been confirmed so far. These files do not contain confidential information or personal information. In addition, since July 2018, the situation has been individually explained to customers related to files that have been accessed illegally.
