Hackers Likely Have Japanese Warplane, Nuclear Data

  /     /     /  
Publicated : 22/11/2024   Category : security


Hackers Likely Have Japanese Warplane, Nuclear Data


Attackers likely accessed sensitive data relating to military



10 Companies Driving Mobile Security (click image for larger view and for slideshow)
Hackers targeting Japans defense industry likely obtained sensitive information relating to military warplanes, missiles, as well as design and safety information for nuclear power plants.
On Monday, sources close to the Japanese defense ministry said that while
data relating to confidential national security
matters didnt appear to have been breached, sensitive information had been stolen, reported the
Japan Times
.
Notably, Mitsubishi Heavy--Japans largest defense contractor, perhaps best known in the United States for manufacturing the surface-to-air Patriot missile--found that multiple PCs were infected with a Trojan application designed to
send data to an outside server
. In addition, an internal investigation found signs that the information had been transmitted outside the companys computer network, with the strong possibility that an outsider was involved, reported
Asahi Shimbun
.
[Is Internet security a myth? Learn why the
Top FBI Cyber Cop Recommends New Secure Internet
.]
Earlier this month, both Mitsubishi Heavy and Kawasaki Heavy Industries suffered attacks after
hackers stole email addresses
for senior executives at defense contractors, reported the
Daily Yomiuri
. The email addresses were stolen earlier this year from the Society of Japanese Aerospace Companies (SJAC), an industry association that counts numerous Japanese aeronautics, space, and defense-related import businesses as members and partners.
The recent attack against Mitsubishi Heavy and Kawasaki Heavy Industries followed attacks against numerous Japanese defense contractors over the summer. They came to light when Mitsubishi Heavy filed a complaint to Tokyo police in September, saying that its website had been breached by an attack that targeted 45 company servers, resulting in 38 computers in 11 locations being infected with more than 50 different types of viruses.
Those viruses apparently enabled the attackers to steal data from Mitsubishi Heavy relating to warplanes, nuclear plants, as well as Japans Type 80 ASM-1 missile, which can be used against ships. Notably, the locations infected by the viruses included the Kobe and Nagasaki shipyards, which build submarines and destroyers, as well a facility in Nagoya thats building a guided missile system, reported
Asahi Shimbun
.
Meanwhile, in the most recent attack--involving SJAC--the attacker used the industry association as a stepping stone to the defense contractors. The hacker targeted the industry association, which has inadequate security. We assume the hacker attempted to use it to spread computer viruses throughout the nations defense industry, a senior Japanese police official told the
Daily Yomiuri
. Similar attacks were launched against Kawasaki Heavy Industries, and the attacker appeared to have stolen at least some of that companys emails.
But police said that before breaching SJAC, the attacker first exploited a PC at an international telephone service company located in Tokyo. The attacker used that PC to send an email--presumably with a malicious attachment--to someone at SJAC. The malicious attachment was opened, and a PC at SJAC compromised. From there, the attacker used the PC to access an internal server containing the names and email addresses for senior executives at Japanese defense contractors.
Next, the attacker sent one or more emails from the exploited PC at SJAC, supposedly from an SJAC executive, to defense contractors. In the case of Kawasaki Heavy Industries, the email subject line read, Prior distribution of documents, and the message included a malicious file attachment titled Comments on lump sum procurement. Interestingly, the emails subject line and contents were virtually identical to a message that the executive had sent, just 10 hours prior.
Japans defense contractors arent the only institutions being targeted by attackers. On Tuesday,
Asahi Shimbun
reported that a Trojan application sent as an email attachment to Japanese legislators had enabled attackers to spy on lawmakers for at least a month. Once the Trojan application had infected a targeted PC, it downloaded malware from a server in China, enabling the attackers to steal usernames and passwords.
Inevitably there will be suspicions that the attack was sponsored by the Chinese, because of the involvement of a server based in China. But that fact alone is not a convincing reason to blame China for the attack, said Graham Cluley, senior technology consultant at Sophos, in a
blog post
. For one thing, its perfectly possible that the attack was the work of a lone Chinese hacker--without the backing of his government or military. And even more relevantly, computer hackers can plant their malware on servers all around the world--so its just as possible that a hacker in, say, New Zealand placed his malware on a compromised Chinese server.
Indeed, one
advanced persistent threat
trend is that, to reach a target, hackers increasingly exploit a number of intermediaries--some directly related, some not. That helps disguise their ultimate attack, which appears to come from a trusted source. Furthermore, all of those layers help to obscure the identity, location, and motive of the attacker.
Theyre so far removed within their shell companies and hidden away that technically the attack might be coming from an attacker or a network right next to you, but really the attackers might be 10 countries away with different hops through different organizations, said John Harrison, group manager with Symantec Security Response, in a recent press briefing that detailed hacker strategies. As a result, spotting and stopping such attacks can be quite difficult.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Hackers Likely Have Japanese Warplane, Nuclear Data