Jump to content
  • Japanese government agencies suffer data breaches after Fujitsu hack


    mood

    • 772 views
    • 3 minutes
     Share


    • 772 views
    • 3 minutes

    Japanese government agencies suffer data breaches after Fujitsu hack

     

    Offices of multiple Japanese agencies were breached via Fujitsu's "ProjectWEB" information sharing tool.

     

    Fujitsu states that attackers gained unauthorized access to projects that used ProjectWEB, and stole some customer data.

     

    It is not yet clear if this breach occurred because of a vulnerability exploit, or a targeted supply-chain attack, and an investigation is ongoing.

    Attackers accessed at least 76,000 email addresses

    Yesterday, the Ministry of Land, Infrastructure, Transport and Tourism and the National Cyber Security Center (NISC) of Japan announced that attackers were able to obtain inside information via Fujitsu's information-sharing tool.

     

    Fujitsu also said that attackers had gained unauthorized access to projects that used ProjectWEB, and stolen proprietary data.

     

    Fujitsu's ProjectWEB enables companies and organizations to exchange information internally, with project managers and stakeholders, for example.

     

    fujitsu-login-portal.png

    ProjectWEB login screen (Hatena Blog)

     

    By gaining unauthorized access to government systems via ProjectWEB, attackers were able to obtain at least 76,000 e-mail addresses, and proprietary information, including the e-mail system settings, as confirmed by the Ministry of Land, Infrastructure, Transport, and Tourism.

     

    As of 2009, the tool was in widespread use by approximately 7,800 projects, according to a Fujitsu document seen by BleepingComputer:

     

    fujitsu-slide-projectweb.jpg

    Fujitsu ProjectWEB overview illustrating different use cases of the info-sharing tool  

     

    The exposed email addresses included those of external parties, such as members of the Council of Experts, who have been individually notified.

     

    Japanese press reported Narita International Airport, located near Tokyo, was impacted as well since Fujitsu attackers managed to steal air traffic control data, flight schedules, and business operations.

     

    Additionally, Japan's Ministry of Foreign Affairs suffered from a data leak in which some study materials were exposed to unauthorized actors.

     

    As such, Cabinet Secretariat's national cybersecurity center (NISC) issued multiple advisories [12] alerting government agencies and critical infrastructure organizations using Fujitsu's tool to check for signs of unauthorized access and information leakage.

    Fujitsu suspends ProjectWEB online portal

    As seen by BleepingComputer, Fujitsu has suspended its ProjectWEB portal while the scope and cause of this incident are being fully investigated.

    The URL to the login portal has been timing out when access is attempted:

     
    fujitsu-down.jpg
    Fujitsu ProjectWEB portal shut down after the breach
    Source: BleepingComputer

     

    Since the ProjectWEB portal was hosted on the "soln.jp" domain, one way to check if your organization has been impacted, or was a customer at some point, is to look for traces of the domain or the aforementioned URL in your network logs.

     

    Fujitsu states they will be notifying the relevant authorities and work with their customers to identify the cause of the breach, in a press release.

     

    BleepingComputer reached out to Fujitsu with specific questions related to the incident, and we were told:

    "Fujitsu can confirm unauthorized access to 'Project WEB,' a collaboration & project management software, used for Japanese-based projects."

    "Fujitsu is currently conducting a thorough review of this incident, and we are in close consultation with the Japanese authorities. As a precautionary measure, we have suspended [the] use of this tool, and we have informed any potentially impacted customers," a Fujitsu spokesperson told BleepingComputer.

     

    Although disclosure of technical details behind this attack is pending, the incident has echoes of the Accellion file sharing tool hack which impacted hundreds of customer organizations.

     

     

    Source: Japanese government agencies suffer data breaches after Fujitsu hack


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...