Cyber-Attack Hits Japan’s Largest Defence Contractor

Mitsubishi Heavy Industries weapons systems targeted by at least eight different types of malware

A major Japanese defence contractor discovered cyber-attackers had breached its computer network in August. The company says it is not clear yet what has been compromised.

Approximately 45 servers and 38 computers were infected with malware at ten facilities located throughout Japan and its Yokohama headquarters, Mitsubishi Heavy Industries told Reuters. Japan’s largest defence contractor discovered at least eight different pieces of malware, including data-stealing Trojans, were used in the 11 August attack.

Attacks Focus On Warships

Affected facilities included Kobe Shipyard & Machinery Works, a manufacturing plant in southwest Japan which builds submarines and components for nuclear power stations; Nagasaki Shipyard & Machinery Works, which makes escort ships; a shipbuilding yard for destroyers in Nagoya, located in central Japan; and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.

“There is no possibility of any leakage of defence-related information at this point,” a Mitsubishi Heavy spokesperson told Reuters. The news agency said major Japanese newspaper Yomiuri is reporting that some information was moved around on Mitsubishi’s computers which contained information on the company’s nuclear power plant, submarine and missile businesses.

“We’ve found out that some system information such as IP addresses have been leaked and that’s creepy enough,” the spokesperson told Reuters.

After an employee noticed abnormalities in an infected system, outside experts were brought in to investigate, according to Mitsubishi. The company did not know who was responsible for the attack, but an in-depth report on the incident is expected by 30 September, the spokesperson said. Mitsubishi has reported the incident to police and is proceeding with an in-house investigation.

“With over 80 computers compromised, the Mitsubishi Heavy Industries attacks show that once compromised, the internal network can become a playground for sophisticated attackers,” Adam Powers, CTO of Lancope, told eWEEK. Once the attackers are inside the network, detection and remediation become more difficult, he said.

Defence Industry Targeted

Mitsubishi Heavy Industries makes warships, submarines and other defence-related equipment. The Japanese constitution prohibits the company from exporting weapons, but there are exemptions for companies that are working with other countries on joint research and development of anti-missile defence systems. The contractor works with Raytheon to make weapons such as surface-to-air Patriot missiles and AIM-7 Sparrow air-to-air missiles, and with Boeing to supply parts for 787 Dreamliner jets and F15J fighter jets.

In May, several defence contractors in the United States were hit by cyber-attackers, including Lockheed Martin, L-3 Communications and Northrop Grumman. It appears that some classified information about a top-secret weapons system had been stolen. US Deputy Defence Secretary William Lynn has stated publicly that a foreign intelligence agency had been behind the attacks on defence contractors.

The attack on Lockheed Martin has been confirmed to have used the information about SecurID two-factor authentication technology that had been stolen earlier in the year from EMC’s RSA Security.

“Cyber-criminals, whether state-sponsored or not, are interested in stealing sensitive information which could have more than a financial value,” Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog. Organisations would be “foolish” to ignore these threats, Cluley added.