Mitsubishi Electric Discloses Security Breach Originated From China
Mitsubishi Electric on Monday disclosed a major security breach.
"We have confirmed that our network may have been subject to unauthorized access by a third party and personal information and corporate confidential information may have been leaked to the outside," Mitsubishi said.
The company said it recognized the suspicious behavior of its systems on June 28, and that it immediately took measures to restrict external access.
As a result of an internal investigation, Mitsubishi confirmed that sensitive information on social infrastructure such as defense, electric power, and railways, highly confidential technical information, and important information concerning the company's business partners has not been leaked.
To date, no damage or impact related to this matter has been confirmed. We deeply apologize for causing such anxiety and inconvenience to those concerned and the customers involved.
In their coverages, Japanese newspapers the Asahi Shimbun and Nikkei both blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years.
According to the reports, the intrusion was detected after Mitsubishi Electric staff found a suspicious file on one of the company's servers. The intrusion was later tracked to a compromised employee account.
Nikkei reported that hackers compromised "tens of PCs and servers in Japan and overseas," from where they stole around 200 MB of files, mostly business documents.
Mitsubishi Electric is one of Japan's biggest defense and infrastructure contractors, with active projects within the Japanese military, but also telecommunications, railways, and the electrical grid.