THE ASAHI SHIMBUN
January 22, 2020 at 17:55 JST
The building where Mitsubishi Electric Corp.’s main office is located in Tokyo’s Chiyoda Ward (Takuya Tanabe)
At least four Chinese-affiliated hacking groups are believed to have breached security at Mitsubishi Electric Corp. in cyberattacks that experts deemed “inevitable” given the size and diversity of the company.
According to sources familiar with the company’s in-house investigation, Mitsubishi Electric suspects Tick, Aurora Panda, Black Tech and a group that uses the Emdivi virus attacked the company at separate times.
Each group is known to target information in different industries. Two of these groups have been tied to the latest cyberattacks against the company, the sources said.
Hiroki Iwai, a cybersecurity specialist, said companies with close connections to government organizations and various industries, are natural targets of multiple hacker groups.
Mitsubishi Electric is a leading player in a wide range of industries, from defense and infrastructure to railway systems and electronics. Its technology and expertise can be used for both military and private purposes.
“The company should be aware that it will remain a potential target in the future,” Iwai said. “There appears to be a correlation between government policies and concerns in the hackers’ countries and their specific targets.”
The four groups emerged as possible culprits when the company scrutinized cyberattacks against it over the past 10 years, according to the sources.
The latest wave of cyberattacks, first detected in June, surfaced in the course of the investigation, the sources said.
Officially, Mitsubishi Electric has not named any possible suspects.
“We have not identified the exact perpetrators, yet,” a public relations official said. “We do not discuss our security system.”
However, the sources said Black Tech is believed to be responsible for breaches of personal data on up to 8,122 Mitsubishi Electric employees, applicants and retirees from group companies, as well as classified information of government organizations and major private-sector companies kept at Mitsubishi Electric.
Black Tech’s main goal is to steal classified data from major manufacturers in Japan and Taiwan, according to a cybersecurity report.
Mitsubishi Electric first discovered it had come under a Black Tech attack in the second half of 2017, according to the sources. Signs indicated the hackers infiltrated the company’s computer networks via an affiliate in China.
The company had since found no unauthorized accesses until last year, when the widespread data breach was found at Mitsubishi Electric’s headquarters and key offices in Japan.
An in-house review that started after irregular activities were found on June 28 showed that the perpetrators exploited glitches in the virus-buster software of cybersecurity company Trend Micro Inc.
The hackers hijacked Mitsubishi Electric’s management server, which sends modified and other files to computer terminals in the company that were installed with the anti-virus software, the sources said. That gave the hackers unauthorized access to corporate data.
Trend Micro said that the glitches had been repaired by October.
It also said it recognized two cyberattacks that exploited the bugs, but it declined to go into detail about the cases.
“We will not discuss cases of individual companies and organizations,” a Trend Micro official said.
In the latest attacks, Tick is believed to have gone through a Mitsubishi Electric affiliate in China using a method similar to the one deployed by Black Tech.
Tick mainly goes after classified data on defense equipment and important infrastructure, according to a report released in 2016 by Lac, a cybersecurity company.
Aurora Panda, which is believed to have attacked Mitsubishi Electric around 2013, targets government ministries and organizations as well as information technology companies.
Mitsubishi Electric’s in-house review also found that the Emdivi virus was used in the past attacks.
The same virus compromised 1.25 million pieces of personal data on contributors to the Japan Pension Service in 2015. Mitsubishi Electric apparently was attacked around the same time.
But the group of hackers using Emdivi has yet to be identified.
“Businesses should understand the characteristics of each espionage group and draw up countermeasures to defend against each one,” Iwai said.
The Ministry of Economy, Trade and Industry said Mitsubishi Electric reported the potential data breach on Jan. 10 and insisted there were no leaks of classified and vital information on defense, the power industry and railway systems.
(This article was compiled from reports by Tatsuya Sudo, senior staff writer, Hisashi Naito and Hiroki Ito.)
Here is a collection of first-hand accounts by “hibakusha” atomic bomb survivors.
A peek through the music industry’s curtain at the producers who harnessed social media to help their idols go global.
Cooking experts, chefs and others involved in the field of food introduce their special recipes intertwined with their paths in life.
A series based on diplomatic documents declassified by Japan’s Foreign Ministry
A series about Japanese-Americans and their memories of World War II