Mitsubishi Heavy Industries confirmed that 83 computers and servers at 11 locations, including its headquarters and shipyards in Nagasaki and Kobe, were infected, according to the Guardian newspaper. The company declined to say whether any confidential data was stolen.
The Japanese defense ministry has criticized Mitsubishi for delaying its notification of the breach for a month. "It's up to the defense ministry to decide whether or not the information is important. That is not for Mitsubishi Heavy to decide. A report should have been made", a spokesman for the ministry told Reuters.
Speculation circulated that China was behind the attack because Chinese characters were discovered in the malware. The Chinese government vehemently denied involvement.
“If you want to perform a targeted attack, extract information, and hide your tracks, it would not be such a good idea for the attacker to put in Chinese characters so it could be traced back to China. Our opinion is that China is being framed by another country or hacker group”, Cosoi told Infosecurity.
Cosoi said the attack against Mitsubishi marks a variation from past high-profile attacks on defense contractors in its use of targeted malware.
“If we compare [this attack] with what happened in the last months in terms of hacktivism and hacking military companies or governmental agencies, so far we’ve seen unsophisticated hacks. Usually, they involve DoS [denial of service] or scanning the network for vulnerabilities and trying to steal some data. And the information is then made publicly available just to make a statement that these networks can be breached. However, in the case of Mitsubishi they used malware….There was a lot of effort to create such a targeted attack”, Cosoi said.