Tuesday, October 25, 2011

Hackers Likely Have Japanese Warplane, Nuclear Data

Via InformationWeek -

Hackers targeting Japan's defense industry likely obtained sensitive information relating to military warplanes, missiles, as well as design and safety information for nuclear power plants.

On Monday, sources close to the Japanese defense ministry said that while data relating to confidential national security matters didn't appear to have been breached, sensitive information had been stolen, reported the Japan Times.


Earlier this month, both Mitsubishi Heavy and Kawasaki Heavy Industries suffered attacks after hackers stole email addresses for senior executives at defense contractors, reported the Daily Yomiuri. The email addresses were stolen earlier this year from the Society of Japanese Aerospace Companies (SJAC), an industry association that counts numerous Japanese aeronautics, space, and defense-related import businesses as members and partners.

The recent attack against Mitsubishi Heavy and Kawasaki Heavy Industries followed attacks against numerous Japanese defense contractors over the summer. They came to light when Mitsubishi Heavy filed a complaint to Tokyo police in September, saying that its website had been breached by an attack that targeted 45 company servers, resulting in 38 computers in 11 locations being infected with more than 50 different types of viruses.

Those viruses apparently enabled the attackers to steal data from Mitsubishi Heavy relating to warplanes, nuclear plants, as well as Japan's Type 80 ASM-1 missile, which can be used against ships. Notably, the locations infected by the viruses included the Kobe and Nagasaki shipyards, which build submarines and destroyers, as well a facility in Nagoya that's building a guided missile system, reported Asahi Shimbun.

Meanwhile, in the most recent attack--involving SJAC--the attacker used the industry association as a stepping stone to the defense contractors. "The hacker targeted the industry association, which has inadequate security. We assume the hacker attempted to use it to spread computer viruses throughout the nation's defense industry," a senior Japanese police official told the Daily Yomiuri. Similar attacks were launched against Kawasaki Heavy Industries, and the attacker appeared to have stolen at least some of that company's emails.

But police said that before breaching SJAC, the attacker first exploited a PC at an international telephone service company located in Tokyo. The attacker used that PC to send an email--presumably with a malicious attachment--to someone at SJAC. The malicious attachment was opened, and a PC at SJAC compromised. From there, the attacker used the PC to access an internal server containing the names and email addresses for senior executives at Japanese defense contractors.

Next, the attacker sent one or more emails from the exploited PC at SJAC, supposedly from an SJAC executive, to defense contractors. In the case of Kawasaki Heavy Industries, the email subject line read, "Prior distribution of documents," and the message included a malicious file attachment titled "Comments on lump sum procurement." Interestingly, the email's subject line and contents were virtually identical to a message that the executive had sent, just 10 hours prior.

Japan's defense contractors aren't the only institutions being targeted by attackers. On Tuesday, Asahi Shimbun reported that a Trojan application sent as an email attachment to Japanese legislators had enabled attackers to spy on lawmakers for at least a month. Once the Trojan application had infected a targeted PC, it downloaded malware from a server in China, enabling the attackers to steal usernames and passwords.


Sophos: Japanese Parliament Hit By Cyber Attack

No comments:

Post a Comment