Fujitsu’s Business PCs Infected by Malware in a Cyber Attack That Leaked Customer Data

Fujitsu is investigating a cyber attack that potentially leaked sensitive personal information after its work computers were infected by malware.

Operating in 100 countries, Fujitsu employs 124,000 people globally and earned $25 billion in 2023. Its products include computing, telecommunication, and storage devices, software, and IT and consulting services.

Its client base includes large corporations and government agencies. It also works closely with the Japanese government in the research and development of various strategic technology solutions.

In a statement posted on its website, Fujitsu said it took steps to secure the infected computers, notified the impacted individuals, and reported the cyber incident to regulatory authorities.

Fujitsu disconnects PCs infected by malware after a cyber attack

Fujitsu said it launched an investigation after learning that several work PCs were infected by malware and that personal information was potentially stolen.

“We confirmed the presence of malware on multiple work computers at our company, and as a result of an internal investigation, we discovered that files containing personal information and customer information could be illegally taken out,” Fujitsu said.

The IT equipment and services company responded by disconnecting the business computers infected by malware and started monitoring other work devices on its network.

“After confirming the presence of malware, we promptly disconnect the affected business computers and take measures such as strengthening monitoring of other business PCs,” the company said.

The company also launched an investigation to determine the scope, nature, and impacts of the cyber attack. It has also reported the data breach to Japanese government agencies, including the Personal Information Protection Commission.

“Additionally, we are currently continuing to investigate the circumstances surrounding the malware intrusion and whether personal information has been leaked,” Fujitsu said.

Fujitsu said the cyber attack likely compromised “personal and customer information.” However, the company has not disclosed whether the PCs infected by malware also contained data belonging to employees and business partners.

So far, no evidence suggests threat actors misused the stolen information, and no ransom demands have been reported.

The company has also not explained how its business computers were infected by malware, what attack vector or variant was used, or whether the cyber attack involved ransomware. The tech giant has also not disclosed how long the business PCs were infected by malware.

“There’s no reporting of how long they have been breached, what data was accessed, or how they were compromised,” said Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. “These are all questions I think any impacted customer would want to see. It’s especially important to understand how the breach happened.”

However, Jelle Ursem, a security researcher at the Dutch Institute for Vulnerability Disclosure, told The Stack that Fujitsu left a Microsoft Azure storage bucket containing AWS keys, client data, and plaintext passwords from the LastPass password manager exposed for a year.

Ursem reportedly attempted to report the data leak, but Fujitsu allegedly snubbed him, leaving the exposed credentials at risk of exploitation.

“Typically, most successful data breaches occur because of social engineering, unpatched software or firmware, or stolen credentials (79% of which were obtained using social engineering),” added Grimes. “In order for an impacted customer to regain trust, they need to learn how the attack happened and what steps Fujitsu were taking to make sure it did not happen again (at least using the same attacker methods).”

A history of security flaws

Twice in three years, Fujitsu has fallen victim to cyber attacks. In May 2021, threat actors compromised the company’s ProjectWEB platform and accessed over 76,000 email addresses and troves of confidential information.

The cyber attack impacted several government agencies, including the Ministry of Land, Infrastructure, Transport, and Tourism, the Ministry of Foreign Affairs, the Cabinet Secretariat, and the Narita Airport Authority.

A subsequent inquiry determined that threat actors leveraged leaked credentials during that cyber attack.

In December 2022, Fujitsu’s FENICS Internet Service was found making “unauthorized communication to the outside world,” allowing unauthorized entities to intercept data.

Various Japanese corporations and government agencies depend on FENICS, thus putting sensitive information at risk of interception.

The incident prompted an angry response from the Japanese Ministry of Internal Affairs and Communications, directing the company to “ensure the confidentiality and cybersecurity of communications.”

“As we have seen countless times, cybercriminals will always find a way in, and once they have your data, there is no limit to what they can do to leverage your data,” said Darren Williams, CEO and Founder of BlackFog. “Extortion is the name of the game and until investments are made in next-generation technologies such as anti-data-exfiltration, there is very little an organization can do to prevent the onslaught.”