Japan has launched an investigation into the potential exposure of confidential missile data in the wake of a cyberattack on Mitsubishi Electric Corp.
According to the Associated Press, the leak of information relating to a prototype, “cutting-edge” missile is suspected.
The missile, a speed glider known as HGV, was documented in files Mitsubishi and other manufacturers held as part of a bidding process. It has been reported by local news outlets that Mitsubishi did not win the bid.
See also: Verizon’s data breach report highlights how unsecured cloud storage opens door to attacks
It is possible the missiles could have been deployed as a deterrent to Japan’s more remote islands — an area of contention considering China’s increased military presence in the region.
Chief Cabinet Secretary Yoshihide Suga said that Japan’s Defense Ministry is analyzing the “possible impact of the information leak on national security.”
The cyberattack took place on June 28, 2019, but was only made public this year. The Japanese tech giant said approximately 200MB in files were stolen, but this was thought to primarily relate to members of staff.
CNET: iPhone’s Face ID now unlocks faster when you wear a face mask. Here’s what to do
Mitsubishi acknowledged the cyberattack and the potential theft of data belonging to roughly 8,000 individuals. In addition, the company informed the Defense Ministry of the potential exposure of sensitive information. The investigation is ongoing.
ZDNet previously learned that the intrusion was made possible through the use of a zero-day vulnerability in Trend Micro OfficeScan antivirus software. The vulnerability has since been patched.
A Chinese cyberespionage group known as Tick — or Bronze Butler — has been blamed for the attack.
TechRepublic: How healthcare organizations can combat cyberattacks during the coronavirus
While exploiting a zero-day vulnerability was potentially the key to pulling off this cyberattack, there are other methods that are far more common in security incidents today. According to Verizon’s 2020 Data Breach Investigation Report, unsecured cloud storage, the use of stolen credentials, and phishing attacks are often the attack vectors involved in modern data breaches.
ZDNet has reached out to Mitsubishi with additional queries and will update when we hear back.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0