Several Japanese government agencies reportedly suffered data breaches originating from Fujitsu’s “ProjectWEB” information sharing tool.
ProjectWEB is a cloud-based enterprise collaboration and file-sharing platform launched in the mid-2000s. The cyber attack forced the Japanese IT equipment and services company to deactivate the software-as-a-service (SaaS) platform.
Fujitsu had earlier disclosed that hackers gained unauthorized access to the system and stole customer data. The computer emergency response team is still investigating and trying to determine whether government agencies were targeted or whether the incident was a software supply chain attack.
Fujitsu’s ProjectWEB exposes Japanese government agencies’ data
Investigators said that the cyber attack affected the Japanese Ministry of Land, Infrastructure, Transport, Tourism, the Cabinet Secretariat, and the Narita International Airport.
The National Cyber Security Center (NISC) said that hackers accessed 76,000 email addresses and email system settings through Fujitsu’s file-sharing tool.
Some exposed emails belonged to the Council of Experts, who were individually informed of the data breach. The hackers also accessed projects hosted on ProjectWEB and stole proprietary data.
They exfiltrated flight schedules, air traffic control data, and business operations data from the Narita Airport. Similarly, study materials from Japan’s Ministry of Foreign Affairs were exposed.
Japan’s Cabinet Secretariat’s national cybersecurity center advised government agencies and critical infrastructure organizations relying on Fujitsu’s information-sharing tool to check for indicators of compromise.
The Fujitsu hacking incident was the second affecting Japan’s government agencies in a month. In April, hackers compromised Soliton’s file-sharing server, affecting Japan’s Prime Minister’s office.
Japan’s Chief Cabinet Secretary Katsunobu Kato said that cyber attacks on Japan’s critical infrastructure were expected during the Tokyo Olympics. He noted that his office was prepared to address such security incidents.
Dr. Chenxi Wang, Founder and General Partner, Rain Capital, confirmed Secretary Kato’s remarks.
“As the Olympics event approaches, more cyberattacks are expected targeting the Japanese infrastructure and government agencies.”
She noted that the attack was similar to the SolarWinds hack and did not appear to be financially motivated. She added that it bore the hallmarks of a state-sponsored attack aimed at stealing critical government data or disrupting critical infrastructure.
“We don’t know if this attack is tied to the Olympics, but it’s clear that the attackers are going after widely deployed platforms, similar to the SolarWinds attack in the US.”
Government agencies and critical infrastructure entities targeted in global campaign
The incident closely resembles the Accellion File Sharing Appliance cyber attack that affected several Fortune 500 companies. Hacking a file-sharing system allows hackers to easily intercept sensitive data in transit, saving them the effort required to compromise individual companies.
Although full attribution is underway, earlier this year more than 200 government entities in Japan suffered cyber attacks associated with the Chinese military, according to the public broadcaster NHK. A state-sponsored cybercrime group known as Tick, operating under the Chinese Liberation Army, was responsible for the attacks. FireEye says the group, whose operations date back as early as 2009, has targeted hundreds of Japanese research institutions. The group is primarily interested in intellectual property theft in critical industries such as defense, heavy industry, technology, aerospace, banking, automotive, and healthcare.
The latest attack on Japanese government agencies is seen as part of a global cyber espionage campaign targeting government organizations and critical infrastructure agencies. These cyber threats are usually associated with Russia and China. A few weeks ago, Ireland’s department of health suffered a successful ransomware attack while another failed. Similarly, Colonial Pipeline is still dealing with the effects of a ransomware attack that disrupted transport, causing fuel shortages in 80% of gas stations in Washington.
ProjectWEB discontinued after the cyber attack
Fujitsu deactivated the software platform a day after discovering the cyber attack on May 24, 2021. The tech giant promised to continue investigating the incident and assist its affected customers.
“The attack on these Japanese government agencies is a stark reminder of the cyber risks posed by the supply chain,” said Oz Alashe, CEO of behavioral security platform CybSafe. “Securing their own networks, data and users is a challenge in itself for organizations, and the threat of data loss and compromise via third parties in the supply chain adds a new layer of complexity to the equation.”
Alashe says that it is no longer enough for organizations and business agencies to secure their systems.
“With more organizations relying heavily on third-party tools as part of their transition to digital, it is crucial data security is a key component of the due diligence process when selecting a supplier to partner with,” Alashe adds. “The supply chain can be the chink in the armor for government agencies and larger businesses, and it must be treated with the caution and care that the threat merits.”