Pierluigi Paganini January 31, 2020

Japanese electronics and IT giant NEC confirmed a security breach suffered by its defense business division in December 2016.

The IT giant NEC confirmed that the company defense business division has suffered a security breach back in December 2016.

The Japanese firm confirmed the unauthorized access to its internal network after Japanese newspapers disclosed the security incident citing sources informed of the event.

NEC is a contractor for Japan’s defense industry and was involved in various defense projects.

Roughly 28,000 files were found by the company on one of the compromised servers, some of them containing info about defense equipment.

“In July 2018, we succeeded in decrypting encrypted communication with an infected server and an external server that was performing unauthorized communication, and stored it on our internal server for information sharing with other departments used by our defense business division 27,445 files were found to have been accessed illegally.

As a result of investigations conducted by the Company and external specialized organizations, no damage such as information leakage has been confirmed so far.” reads the statement from the company.

“These files do not contain confidential information or personal information. In addition, since July 2018, the situation has been individually explained to customers related to files that have been accessed illegally,”

The situation is different according to the Nikkei newspaper that reported that the Japanese Ministry of Defense said that the exposed files contained “information on contracts with NEC, not defense secrets, and there is no impact on Japan’s defense system.”

NEC was informed of the intrusion in July 2017 by a security company contracted by the electronics company to investigate alleged unauthorized accesses to the internal network.

In July 2018, the company was able to decrypt unauthorized communications between an internal server and an external machine and discovered further compromise.

NEC announced it has taken steps to improve the security of its infrastructure and prevent future intrusions.

Recently another Japanese multinational electronics giant disclosed a data breach, last week Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. According to the company, attackers did not obtain sensitive information about defense contracts.

The breach was detected almost eight months ago, on June 28, 2019, with the delay being attributed to the increased complexity of the investigation caused by the attackers deleting activity logs. Mitsubishi Electric disclosed the security incident only after two local newspapers, the Asahi Shimbun and Nikkei, reported the security breach.

The attackers have exploited a directory traversal and arbitrary file upload vulnerability, tracked as CVE-2019-18187, in the Trend Micro OfficeScan antivirus.

Trend Micro has now addressed the vulnerability, but we cannot exclude that the hackers have exploited the same issue in attacks against other targets. After the security firm patched the CVE-2019-18187 flaw in October, it warned customers that the issue was being actively exploited by hackers in the wild.

Pierluigi Paganini

(SecurityAffairs – NEC, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]