Kawasaki reports possible data leakage following a security breach

Japan's tech giant Kawasaki reported unauthorized access to their servers

Kawasaki Heavy Industries reports possible data leakageSecurity breach affects Kawasaki servers.

On December 28, 2020, Kawasi issued a news release,[1] reporting that during an internal system audit breach was discovered. From June 11 to July 8, multiple unauthorized accesses from overseas offices were made to Kawasaki Heavy Industries servers in Japan.

As part of the attack, administrator IDs and passwords were stolen,[2] and there's a possibility of data leakage to external parties. Although the company didn't find any evidence of that yet, there is such a possibility, as the company stated:

As a result of a thorough investigation, the company have discovered that some information from overseas offices may have been leaked to external parties.
At this time, the company has found no evidence of leaking information to the external network

In the western hemisphere, Kawasaki is mostly known for its motorcycles. But the company, having over 35,000 employees, is manufacturing military aircraft, submarines, industrial machinery, high-speed trains, rolling stocks, ships, and much more. As reported,[3] the hack may have targeted the defense-related data.

The company also indicated that:

<…>, the unauthorized access in question had been carried out with
advanced technology that did not leave a trace.

Internal system audit reveals security breaches occurred from multiple overseas offices

During an internal system audit, Kawasaki discovered that the first unauthorized access to their data centers in Japan was made from their office in Thailand on June 11. All communications between the two offices were terminated for security reasons.

On June 15, possible data leakage to third-parties through an office in Thailand was discovered, following unauthorized access to multiple servers from the same office the next day. On June 24, two more unauthorized entries from offices in Indonesia and the Philippines were spotted, and all communication was immediately cut off.

The last security incident occurred on July 8, from an office in the USA. Since then, Kawasaki has implemented various security measures – inspected around 26,000 domestic and 3,000 overseas terminals, hired external security specialists, created a special Cyber Security Group, and restored communication with the offices where the security breaches came from.

Fruitful year for cybercriminals – biggest company hacks of 2020

As 2020 is about to end, it is time to summarize the year from a cybersecurity perspective and regarding the breaches. And it all started with tech giant Microsoft reporting[4] that five servers containing user analytics (email addresses, IP addresses, etc.) were exposed online without any protection.

A massive amount of sensitive documents and a total of 425GB of confidential legal and financial data were leaked online due to an unsecured cloud-hosted database related to the MCA Wizard app.[5] The files included bank statements, Social Security details, tax returns, receipts, and much more.

Japans' Mitsubishi suffered two cyberattacks, one possibly stealing prototype missile data, the other one[6] – employee, company's technical info, and communications. While the EDP, an energy conglomerate, was hit by ransomware demanding $10 million for 10TB of stolen information.

Even satellite companies and tech giants such as Intel, Nintendo, LG, and many others became victims of some sort of cybercrimes in 2020. We're just glad that this year is over and hope that everyone will be much safer the next year.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions