After US Department of Defense, Japan’s Defense Ministry becomes a data breach victim

Japan’s defense cybersecurity officers are on high alert after two contractors revealed they have suffered data breaches in recent years. A couple of weeks ago, Taro Kono, Japan’s defense minister, revealed that some army-linked organizations had been attacked.

Just a few days ago, the US Department of Defense revealed that the Defense Information Systems Agency (DISA) also suffered a data breach that compromised confidential information from members and contractors.

The two affected companies are Pasco and Kobe Steel, which provide geospatial surveying services. In both cases, the companies’ networks were infected with a malware variant to extract sensitive information and files. Previously, the Ministry of Defense recognized that Mitsubishi Electric and NEC firms also experienced similar cybersecurity incidents.

The attack on Mitsubishi could seriously affect the interests of the Defense of Japan, as the company is deeply involved in multiple technology and infrastructure projects in the Asian country; unofficial versions claim that the attackers extracted more than 200 MB of sensitive information from the company. On the other hand, NCE also confirmed unauthorized access to its systems, although the company claims that the attackers failed to extract sensitive information.

There are still no official reports on the identity of those responsible for the attacks. However, unofficial reports attribute these attacks to Tick, a well-known Chinese government-sponsored cybercriminal group. These hackers have engaged in multiple malicious campaigns throughout the Asian continent, especially targeting Japanese companies.

The suspicions of cybersecurity specialists stem from a statement from a major Pasco executive, who claims Tick compromised the company’s networks in 2018. These statements also refer to an exploit in a trend micro security firm tool used in the affected companies.

Finally, it is not yet clear whether the signatures under attack had not detected data breaches, or simply decided not to notify the authorities, a likely scenario since Japan lacks legislation on reporting cybersecurity incidents. According to the International Institute of Cyber Security (IICS), similar incidents highlight the need for data protection and incident reporting legislation.