Massive Mitsubishi Electric data breach disclosed

Chinese hacking group Tick suspected in a major Mitsubishi Electric data leak

Mitsubishi Electric discloses data breach: Chinese hacking group Tick suspected

Mitsubishi Electric, one of the largest electronics maker in the world, published a short notification^[1] on its main website today – it claims that the company has suffered a cyber attack. According to the short memo, the firm had first spotted the intrusion on June 28 last year, when hackers accessed the internal severs at its headquarters as well as other offices in Tokyo and possibly leaked information related to 8,000 employees, communication exchanges with business partners, and even technical information related to Mitsubishi Electric itself.

Even though the data breach occurred more than six months ago, the company kept silent until two Japanese news outlets – Asahi Shimbun Digital^[2] and Nikkei^[3] – published the relevant information relating to the cyber attack on January 20, 2020.

According to publications, Mitsubishi Electric believes that unauthorized access was conducted by a Chinese criminal group Tick, which is known for targeting Japanese corporations and governmental institutions with cyber-espionage attacks. The group often deploys its own malware Daserf to gather the intelligence, although other attack vectors, such as software vulnerabilities, targeted phishing attacks, were also used.^[4]

Company-wide intrusion

According to the internal investigation of Asahi Shimbun, the unauthorized access was detected after Mitsubishi Electric found a suspicious file running on one of its servers. Upon a closer investigation, which was first launched in September, ^[5] the initial attack was traced to one of the employee's computers, which suggests that it could have been a targeted phishing email.

From there, the attack spread to 14 other headquarters across the company (both in-house and internationally), compromising sales, electronics, and even the head office departments. The data that was accessed during the breach consisted of approximately 200 megabytes of internal company-related documents, which included information about employees, contracts, and business partners.

According to news publications, Mitsubishi Electric did not want to disclose the incident due to internal investigations that were taking place.

Mitsubishi Electric claims that no sensitive data related to governmental contracts was affected during the leak

Mitsubishi Electric is one of the main contractors of various governmental institutions – it partners with Japan's Ministry of Defense, Agency for Natural Resources and Energy, Nuclear Regulatory Commission for various projects. Initially, both Asahi Shimbun and Nikkei claimed that information related to these projects was most likely leaked, although the company denied it. However, because Mitsubishi Electric is one of the government-based contractors, this security incident is treated with the highest importance.

At the press conference later that day, Mr. Yoshiwei Kan, a general secretary for the company, claimed that employee personal information, as well as Mitsubishi Electric' technology-related information, may have been leaked by the unauthorized party, although he also noted that “there is no leak of sensitive information such as defense equipment and power-related matters.”^[6] Before releasing information about the data breach today, Mitsubishi Electric notified the relevant parties at the Ministry of Economy Trade and Industry, and the Cabinet Cyber ​​Security Center (NISC).

Mitsubishi Electric apologized to everybody whose information has been compromised and said that it would keep monitoring its systems and improving security measures across the company.