A high-tech military contractor, which suffered an attack from hackers earlier this year, is reported to have lost sensitive data related to defence equipment including fighter jet planes and nuclear power plant plans.
The news report claims that sources told it that an investigation had discovered information about fighter jets, helicopters and nuclear power plant design and safety plans, could have been stolen following a malware infection.
According to reports, checks on Mitsubishi Heavy computers have uncovered evidence that information was transmitted via them to parties unknown.
Mitsubishi Heavy Industries, Japan’s biggest defense contractor, revealed that it had suffered a malware attack in August which affected network servers and PCs at ten facilities across Japan, including its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.
The firm was criticised for not reporting the security breach to Japan’s Defence Ministry until a month later, when details emerged in the press.
At the time, a Mitsubishi spokesperson said that “there is no possibility of any leakage of defense-related information at this point.”
A large question mark remains regarding who was responsible for the targeted attack on Mitsubishi Heavy Industries.
Earlier this year there were a series of cyber attacks against US military contractors, including Lockheed Martin, L-3 Communications and Northrop Grumman, and US Deputy Defense Secretary William Lynn publicly claimed that a foreign intelligence agency was behind a hack attack that stole classified information about a top secret weapons system.
Whoever it was who attacked Mitsubishi Heavy Industries, and whatever their motive, it’s clear that all organisations need to take their computer security very seriously.
Cybercriminals, whether state-sponsored or not, are interested in stealing sensitive information which could have more than a financial value. You would be foolish to ignore such a threat. As such, it’s essential that you ensure that your organisation has strong defences in place to reduce the risk of attack.Follow @gcluley