Japan is investigating if a cyber attack on Mitsubishi Electric in January this year possibly compromised intellectual property associated with a prototype missile known as HGV, Associated Press has found.
On 20th January, Mitsubishi Electric said its computer network was breached by unnamed hackers in June last year and that the breach may have resulted in the leak of “personal information and corporate confidential information” to unauthorised entities.
While Mitsubishi Electric did not define the exact nature of data that was accessed by malicious actors who breached its systems last year, the Japanese electronics giant said that no technical information or information of the company’s customers was accessed by third parties.
According to Japanese media agency Nikkei, hackers who targeted Mitsubishi Electric’s network were possibly members of a Chinese hacker group known as Tick and in order to remove the evidence of their intrusion, they deleted all logs that could have been analyzed by the company to verify the leak of confidential information.
Nikkei added that the hackers stole up to 200MB of documents, some of which contained information on Japanese government agencies such as the Ministry of Defense, the Nuclear Regulatory Commission, and the Agency for Natural Resources and Energy.
The stolen documents also contained information on domestic and overseas companies such as electric power and telecommunications, JR / private railways, and major automobile companies.
Recently, Associated Press revealed that the Japanese government is presently investigating if the cyber attack on Mitsubishi Electric potentially compromised information related to a prototype supersonic gliding missile called HGV which is also being developed by the United States, Russia, and China.
“The ministry suspects the information might have been stolen from documents sent from several defense equipment makers as part of a bidding process for the project, Mitsubishi Electric did not win the bid,” AP noted.
Mitsubishi issued a statement on the 20th, stating that “information specified by the Ministry of Defence was released in cyber attacks but we have not confirmed the possibility of new information leakage since then.”
“We are still cooperating with the Ministry of Defense investigation. Going forward, we will continue to thoroughly protect information with the guidance of the Ministry of Defense,” the company added.
Commenting on this, Chris Hauk, Consumer Privacy Champion at Pixel Privacy, said that zero-day vulnerability attacks like the one targeting Mitsubishi underscore the need for users to keep all of their security-related software updated to prevent such attacks. It also highlights the rise in attacks like this by bad actors working for foreign governments, requiring increased vigilance by government contractors and companies in other sensitive industries.”