A major Japanese defense contractor discovered cyber-attackers had breached
its computer network in August. The company says it's not clear yet what has
been compromised.
Approximately 45 servers and 38 computers were infected with malware at ten
facilities located throughout Japan and its Yokohama headquarters, Mitsubishi
Heavy Industries told Reuters on Sept. 18. Japan's largest defense contractor
discovered at least eight different pieces of malware, including data-stealing
Trojans, were used in the Aug. 11 attack.
Affected facilities included Kobe Shipyard & Machinery Works, a manufacturing
plant in southwest Japan which builds submarines and components to build
nuclear power stations, Nagasaki Shipyard & Machinery Works, which makes escort
ships, a shipbuilding yard for destroyers in Nagoya, located in central Japan,
and the Nagoya Guidance & Propulsion System Works, which makes engine parts
for missiles.
"There is no possibility of any leakage of defense-related information
at this point," a Mitsubishi Heavy spokesperson told Reuters. The news
agency said major Japanese newspaper Yomiuri
is reporting that some information was moved around on Mitsubishi's computers
which contained information on the company's nuclear power plant, submarine and
missile businesses.
"We've found out that some system information such as IP addresses have
been leaked and that's creepy enough," the spokesperson told Reuters.
After an employee noticed abnormalities in an infected system, outside
experts were brought in to investigate, according to Mitsubishi. The company
did not know who was responsible for the attack, but an in-depth report on the
incident is expected by Sept. 30, the spokesperson said. Mitsubishi has
reported the incident to police and is proceeding with an in-house
investigation.
"With over 80 computers compromised, the Mitsubishi Heavy Industries attacks
show that once compromised, the internal network can become a playground for
sophisticated attackers," Adam Powers, CTO of Lancope, told eWEEK. Once the
attackers are inside the network, detection and remediation become more
difficult, he said.
Mitsubishi Heavy Industries makes warships, submarines and other
defense-related equipment. The Japanese constitution prohibits the company from
exporting weapons, but there are exemptions for companies who are working with
other countries on joint research and development of anti-missile defense
systems. The contractor works with Raytheon to make weapons such as
surface-to-air Patriot missiles and AIM-7 Sparrow air-to-air missiles, and with
Boeing to supply parts for 787 Dreamliner jets and F15J fighter jets.
In May, several defense contractors in the United States were hit by
cyber-attackers, including Lockheed Martin, L-3 Communications and Northrop
Grumman. It appears that some classified information about a top-secret weapons
system had been stolen. U.S. Deputy Defense Secretary William Lynn has stated
publicly that a foreign intelligence agency had been behind the attacks on
defense contractors.
The attack on Lockheed Martin has been confirmed to have used the
information about SecurID two-factor authentication technology that had been
stolen earlier in the year from EMC's RSA Security.
"Cyber-criminals, whether state-sponsored or not, are interested in
stealing sensitive information which could have more than a financial
value," Graham Cluley, senior technology consultant at Sophos, wrote on
the Naked Security blog. Organizations would be "foolish" to ignore these
threats, Cluley added.