Mitsubishi Electric discloses security breach, China is main suspect

Mitsubishi Electric says hackers did not obtain sensitive information about defense contracts.
Written by Catalin Cimpanu, Contributor

In a short statement published today on its website, Mitsubishi Electric, one of the world's largest electronics and electrical equipment manufacturing firms, disclosed a major security breach.

Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack.

Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].

Hack originated from a Chinese affiliate

According to the reports in local media, the intrusion was detected after Mitsubishi Electric staff found a suspicious file on one of the company's servers.

The intrusion was later tracked to a compromised employee account.

"Unauthorized access began with affiliates in China and spread to bases in Japan," Asahi reported.

The newspaper said hackers escalated their access from this initial entry point to Mitsubishi Electric's internal systems, gaining access to the networks of around 14 company departments, such as sales and the head administrative office.

The two newspapers reported that hackers stole sensitive data from the company's internal network. In particular, Nikkei reported that hackers compromised "tens of PCs and servers in Japan and overseas," from where they stole around 200 MB of files, mostly business documents.

Mitsubishi Electric did not deny that data exfiltration took place, but only denied that the intruders stole data on its business partners and defense contracts.

The company said it's still investigating the incident, but according to open-source reporting, the attackers appeared to have deleted access logs, slowing down investigators.

Major security breach in Japan

In Japan, the incident is being treated with the utmost severity. Mitsubishi Electric is one of Japan's biggest defense and infrastructure contractors, with active projects within the Japanese military, but also telecommunications, railways, and the electrical grid.

Before going public with the news today, Mitsubishi Electric had also notified members of the Japanese government and Ministry of Defense, according to local newspaper Mainichi.

The world's most famous and dangerous APT (state-developed) malware

Editorial standards