Hackers hit Japan's biggest defense contractor
Mitsubishi Heavy Industries confirms attack, but claims no secrets were stolen
Computerworld - Japan's largest defense contractor, Mitsubishi Heavy Industries, today acknowledged that scores of its servers and PCs had been infected with malware, but denied that any confidential information had been stolen.
The Daily Yomiuri, citing confidential sources, first reported the attack, which involved as many as eight different types of malware, including Trojan horses.
A U.S.-based Mitsubishi spokesman confirmed that the company had uncovered a large-scale intrusion that had planted malware on 45 servers and an additional 38 individual PCs in several locations around Japan.
Servers at Mitsubishi's Kobe shipyards, where the company builds diesel-electric submarines and components for nuclear power plants; at the company's Nagasaki shipyards; and at its Nagoya plant, which designs and manufactures missile guidance systems, were among those compromised, the spokesman said.
Mitsubishi Heavy's corporate headquarters in Yokohama was also affected by the infection.
"This is certainly the first incident [at Mitsubishi] of this magnitude," the spokesman admitted.
According to a Japanese-language statement issued by Mitsubishi on Monday, the infection was detected in mid-August and has been under investigation since then.
"Mitsubishi IP addresses had been disclosed, but [the attack] was caught at an early stage," said the U.S. spokesman, who added that the investigation had not turned up evidence that data had been pilfered from the compromised servers.
The attack against Mitsubishi followed others this year aimed at U.S. defense contractors, including Lockheed Martin, which manufactures the F-22 Raptor and F-35 Lightning II fighter aircraft. The Lockheed attack was carried out using information stolen earlier from RSA Security, the branch of EMC that produces the SecurID two-factor authentication token used by thousands of contractors and corporations to secure their networks.
Enterprise systems are often infected after attackers target individuals by sending them malware-infected business files, such as malicious Microsoft Excel spreadsheets or Word documents.
Other defense organizations were also targeted by the same malware-infected files that were used to hack into RSA's network.
Mitsubishi's spokesman said that the company had not pinpointed the origin of the attacks, but most experts have argued that Chinese hackers, perhaps supported by the Communist government, were responsible.
According to Defense News, Mitsubishi Heavy was the world's 26th-largest defense contractor in 2010.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.