2 min read

What

Bogdan BOTEZATU

September 21, 2011

What

Earlier today, Japan's most important weapons contractor – Mitsubishi Heavy Industries –confirmed that its network was compromised by an unknown group of cyber-criminals looking for mission-critical information on submarines and missiles.

Apparently, the attack was carried out via a spear phishing campaign (that is, contacting a key person through an e-mail message that probably has a wealth of personal information in order to gain their confidence and con them into revealing sensitive info or into installing a piece of malware on a network node) targeting Mitsubishi staff.  This is not the first cyber-hack aimed at defense contractors using e-mail as an infection vector. 

Google confirmed that, in February 2011, a number of Gmail addresses belonging to US, Taiwanese and Chinese military officials have been compromised via spear-phishing techniques. If the Gmail hack might have exposed some sensitive information, today’s breach in the Mitsubishi Heavy Industries’ network is a different ball game.

Here are some scenarios that cover a potential data leak from a manufacturer of war equipment, including surface-to-air missiles, warships, and submarines:

·         Military espionage: defense contractors and weapon-makers have huge research budgets so they can innovate and outpace other governments. Regardless of their advances in the industry, a military data breach would immediately wipe out any advantage. With stolen classifiedintelligence, a hostile government could enjoy the same technology at little to no military expense.

·          Counter-measuring: even the most important military achievement is worth nothing when an opponent gets detailed information on how the technology works, how it is implemented and, most important, its weak spots.

·         Military havoc / terrorism: Mitsubishi Heavy Industries builds missiles for the Japanese government. Some missiles have advanced guidance systems using radio and laser to receive commands via satellite in order to reach their target. Now, the worst-case scenario includes cyber-criminals getting enough information from the Mitsubishi Heavy attack to know how the signal is encrypted and processed. More than that, there have been numerous reports of hacking into commercial satellites. In this context, it’s within the realm of possibility that hackers could intercept a test launch and hijack the missiles against a third-party state or objective.

Although there are little to no details on the piece of malware used to breach the Mitsubishi network, we strongly doubt that it can match the pervasiveness of Stuxnet. Most likely, cyber-criminals have exploited a vulnerability in the operating system or additional software in order to plant a regular piece of malware such as a keylogger or backdoor.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read