Hackers hit Japan's biggest defense contractor
Mitsubishi Heavy Industries confirms attack, but claims no secrets were stolen
Computerworld - Japan's largest defense contractor, Mitsubishi Heavy Industries, today acknowledged that scores of its servers and PCs had been infected with malware, but denied that any confidential information had been stolen.
The Daily Yomiuri, citing confidential sources, first reported the attack, which involved as many as eight different types of malware, including Trojan horses.
A U.S.-based Mitsubishi spokesman confirmed that the company had uncovered a large-scale intrusion that had planted malware on 45 servers and an additional 38 individual PCs in several locations around Japan.
Servers at Mitsubishi's Kobe shipyards, where the company builds diesel-electric submarines and components for nuclear power plants; at the company's Nagasaki shipyards; and at its Nagoya plant, which designs and manufactures missile guidance systems, were among those compromised, the spokesman said.
Mitsubishi Heavy's corporate headquarters in Yokohama was also affected by the infection.
"This is certainly the first incident [at Mitsubishi] of this magnitude," the spokesman admitted.
According to a Japanese-language statement issued by Mitsubishi on Monday, the infection was detected in mid-August and has been under investigation since then.
"Mitsubishi IP addresses had been disclosed, but [the attack] was caught at an early stage," said the U.S. spokesman, who added that the investigation had not turned up evidence that data had been pilfered from the compromised servers.
The attack against Mitsubishi followed others this year aimed at U.S. defense contractors, including Lockheed Martin, which manufactures the F-22 Raptor and F-35 Lightning II fighter aircraft. The Lockheed attack was carried out using information stolen earlier from RSA Security, the branch of EMC that produces the SecurID two-factor authentication token used by thousands of contractors and corporations to secure their networks.
Enterprise systems are often infected after attackers target individuals by sending them malware-infected business files, such as malicious Microsoft Excel spreadsheets or Word documents.
Other defense organizations were also targeted by the same malware-infected files that were used to hack into RSA's network.
Mitsubishi's spokesman said that the company had not pinpointed the origin of the attacks, but most experts have argued that Chinese hackers, perhaps supported by the Communist government, were responsible.
According to Defense News, Mitsubishi Heavy was the world's 26th-largest defense contractor in 2010.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer.