Photo/Illutration Kobe Steel Ltd.’s office in Tokyo (Asahi Shimbun file photo)

The Defense Ministry on Feb. 6 revealed the names of two companies whose computer networks were accessed illegally, a rare disclosure that sheds light on the extent of cyberattacks committed against the ministry’s contractors.

The ministry said classified and other data designated as “secret” were not leaked in the cyberattacks against Kobe Steel Ltd. and aerial surveying company Pasco Corp.

Kobe Steel has sold submarine parts to the ministry while Tokyo-based Pasco provides topographical charts and images taken by satellites and aircraft.

Kobe Steel became aware of the attack in August 2016, while Pasco noticed the illegal access in May 2018, the ministry said. In both cases, computers used by company employees were infected with viruses through internet connections.

Defense Minister Taro Kono said at a news conference on Jan. 31 that four companies that do business with the ministry had been targeted by hackers.

At that time, Kono named Mitsubishi Electric Corp. and NEC Corp., both of which had already gone public about the attacks. He did not disclose the names of the other two companies.

Mitsubishi Electric and NEC officials said they suspect Chinese hacker groups were responsible for the intrusions. They also said they found no evidence that secret defense information had been leaked.

SECURITY TIGHTENED

Kobe Steel said it tightened its security measures after suspecting illegal access in 2016, but it found another breach in June 2017.

The company said its investigation found the possibility that ministry-related information had been leaked, and it issued an apology.

Pasco, a company under the umbrella of leading security firm Secom Co., said an outside investigation pointed to a China-affiliated hacker group as the likely perpetrator of the cyberattack.

Pasco has issued a statement pledging to tighten security and to work on preventive measures.

The ministry said it also investigated the attacks after receiving reports from the two companies.

DISCLOSURE SYSTEM PROPOSED

Hiroki Iwai, a cybersecurity specialist, welcomed the government’s change in stance in disclosing the two company names.

“It is meaningful to enlighten society that the threat of cyberattacks exists everywhere,” he said.

Iwai said that such a disclosure system is ideal because defense and important infrastructure affect security and other national interests.

“The government should create a foundation that allows companies to more easily disclose cyberattack damage, such as setting up guidelines about what information can be released,” Iwai said.