Mitsubishi Electric was hacked through the Trend Micro antivirus that was supposed to protect it

Digital forensics specialists have revealed new details about the security incident at the Japanese company Mitsubishi Electric. A few days ago, the company disclosed that in June last year a group of hackers managed to access the personal information of its employees, in addition to some corporate files.

According to local media reports, the attacks have been attributed to Tick, a hacker group funded by the Chinese government. In addition, the latest reports claim that hackers managed to access Mitsubishi systems by exploiting a zero-day vulnerability in OfficeScan, an antivirus solution developed by Trend Micro.

The compromised information includes almost 2,000 job applications, the results of an employee evaluation involving more than 4,000 clients, and personal data from more than 1,500 employees who retired between 2007 and 2019, along with information including blueprints, technical documents, and marketing material.

A digital forensics report from ZDNet states that threat actors managed to exploit CVE-2019-18187, an arbitrary file upload flaw in Trend Micro OfficeScan. The security issue was corrected in October 2019. On its official website, Trend Micro even boasts of Mitsubishi being one of its customers.

This report has not yet been confirmed by any of the parties involved. However, if these claims are true, this could result in a public relations scandal for the security firm, as the presence of this flaw would have been critical during the intrusion into Mitsubishi networks.

Although the security company’s failure is obvious, digital forensics specialists at the International Institute of Cyber Security (IICS) point out that no antivirus software is 100% safe from security vulnerabilities, no matter how sophisticated it is.

While security companies and IT teams sometimes make mistakes, we shouldn’t lose sight of the real culprits of these incidents: cybercriminals. Security firms and independent researchers work hard to stay ahead of computer attacks, although sometimes, as in Mitsubishi’s case, efforts simply aren’t enough.