Wednesday, September 21, 2011

Chinese Characters Found in Japanese Mitsubishi Cyberattack

Via Daily Yomiuri Online (Japan) -

Chinese language was found in one of viruses used in the recent cyber-attacks on Mitsubishi Heavy Industries (MHI), Ltd., it was learned Tuesday.

A total of 83 servers and personal computers of the machinery maker have been infected with viruses in the cyber-attacks, which originated outside the company.

On a screen for an attacker to remotely control the infected PCs, simplified Chinese characters used in China were employed, sources said.

As the possible involvement of a person or people with deep knowledge of Chinese language is suspected, the Metropolitan Police Department now considers it an international espionage case. The MPD is investigating the case as a violation of the Law on the Prohibition of Unauthorized Computer Access, among other charges.

The viruses confirmed to have infected the MHI servers and PCs included a Trojan horse virus, which allowed senders to gain access to infected PCs. The sender can then transmit information from the infected machine to their computer.

According to the sources, an information security firm that copied and analyzed the virus discovered the simplified Chinese characters on screens used by the senders.

The Chinese characters include those for "automatic" (meaning automatic access), "catch" for the function to remotely control infected PCs, and two Chinese characters that mean "video" or "image," the sources explained.

As it would be very difficult for those who do not understand the Chinese language to control the virus, the MPD suspects involvement of a person or people well-versed in Chinese.

Regarding spear attacks, which target specific people or companies to steal information from them, the MPD analyzed 29 such e-mails reported between January and June. Of those, 14 had viruses forcing the infected PCs to access to servers in China.

However, a security specialist warned it is still not possible to conclude that China was involved in the attacks.

"The perpetrator or perpetrators may intentionally use Chinese to disguise the attacks as Chinese," said Prof. Motohiro Tsuchiya, an expert on information politics.

"However, the number of cyber-attacks from China targeting classified information have reportedly been increasing and the United States is also on alert. It is important for attacked companies to disclose the facts of attacks and share their experiences to allow others to share risk information," he said.


As one would expect, Chinese government officials are denying any knownledge or role in the attacks which targeted MHI.

No comments:

Post a Comment