Hackers hit Japan's biggest defense contractor

Mitsubishi Heavy Industries confirms attack, but claims no secrets were stolen

Japan's largest defense contractor, Mitsubishi Heavy Industries, today acknowledged that scores of its servers and PCs had been infected with malware, but denied that any confidential information had been stolen.

The Daily Yomiuri , citing confidential sources, first reported the attack, which involved as many as eight different types of malware, including Trojan horses.

A U.S.-based Mitsubishi spokesman confirmed that the company had uncovered a large-scale intrusion that had planted malware on 45 servers and an additional 38 individual PCs in several locations around Japan.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Japan's largest defense contractor, Mitsubishi Heavy Industries, today acknowledged that scores of its servers and PCs had been infected with malware, but denied that any confidential information had been stolen.

The Daily Yomiuri , citing confidential sources, first reported the attack, which involved as many as eight different types of malware, including Trojan horses.

A U.S.-based Mitsubishi spokesman confirmed that the company had uncovered a large-scale intrusion that had planted malware on 45 servers and an additional 38 individual PCs in several locations around Japan.

Servers at Mitsubishi's Kobe shipyards, where the company builds diesel-electric submarines and components for nuclear power plants; at the company's Nagasaki shipyards; and at its Nagoya plant, which designs and manufactures missile guidance systems, were among those compromised, the spokesman said.

Mitsubishi Heavy's corporate headquarters in Yokohama was also affected by the infection.

"This is certainly the first incident [at Mitsubishi] of this magnitude," the spokesman admitted.

According to a Japanese-language statement issued by Mitsubishi on Monday, the infection was detected in mid-August and has been under investigation since then.

"Mitsubishi IP addresses had been disclosed, but [the attack] was caught at an early stage," said the U.S. spokesman, who added that the investigation had not turned up evidence that data had been pilfered from the compromised servers.

The attack against Mitsubishi followed others this year aimed at U.S. defense contractors, including Lockheed Martin , which manufactures the F-22 Raptor and F-35 Lightning II fighter aircraft. The Lockheed attack was carried out using information stolen earlier from RSA Security, the branch of EMC that produces the SecurID two-factor authentication token used by thousands of contractors and corporations to secure their networks.

Enterprise systems are often infected after attackers target individuals by sending them malware-infected business files, such as malicious Microsoft Excel spreadsheets or Word documents.

Other defense organizations were also targeted by the same malware-infected files that were used to hack into RSA's network.

Mitsubishi's spokesman said that the company had not pinpointed the origin of the attacks, but most experts have argued that Chinese hackers, perhaps supported by the Communist government, were responsible.

According to Defense News, Mitsubishi Heavy was the world's 26th-largest defense contractor in 2010.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Topic Center.