Hackers hit Japan's biggest defense contractor
Mitsubishi Heavy Industries confirms attack, but claims no secrets were stolen
Computerworld - Japan's largest defense contractor, Mitsubishi Heavy Industries, today acknowledged that scores of its servers and PCs had been infected with malware, but denied that any confidential information had been stolen.
The Daily Yomiuri, citing confidential sources, first reported the attack, which involved as many as eight different types of malware, including Trojan horses.
A U.S.-based Mitsubishi spokesman confirmed that the company had uncovered a large-scale intrusion that had planted malware on 45 servers and an additional 38 individual PCs in several locations around Japan.
Servers at Mitsubishi's Kobe shipyards, where the company builds diesel-electric submarines and components for nuclear power plants; at the company's Nagasaki shipyards; and at its Nagoya plant, which designs and manufactures missile guidance systems, were among those compromised, the spokesman said.
Mitsubishi Heavy's corporate headquarters in Yokohama was also affected by the infection.
"This is certainly the first incident [at Mitsubishi] of this magnitude," the spokesman admitted.
According to a Japanese-language statement issued by Mitsubishi on Monday, the infection was detected in mid-August and has been under investigation since then.
"Mitsubishi IP addresses had been disclosed, but [the attack] was caught at an early stage," said the U.S. spokesman, who added that the investigation had not turned up evidence that data had been pilfered from the compromised servers.
The attack against Mitsubishi followed others this year aimed at U.S. defense contractors, including Lockheed Martin, which manufactures the F-22 Raptor and F-35 Lightning II fighter aircraft. The Lockheed attack was carried out using information stolen earlier from RSA Security, the branch of EMC that produces the SecurID two-factor authentication token used by thousands of contractors and corporations to secure their networks.
Enterprise systems are often infected after attackers target individuals by sending them malware-infected business files, such as malicious Microsoft Excel spreadsheets or Word documents.
Other defense organizations were also targeted by the same malware-infected files that were used to hack into RSA's network.
Mitsubishi's spokesman said that the company had not pinpointed the origin of the attacks, but most experts have argued that Chinese hackers, perhaps supported by the Communist government, were responsible.
According to Defense News, Mitsubishi Heavy was the world's 26th-largest defense contractor in 2010.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!