New hacking attack against a defense contractor might have exposed classified intelligence.

Earlier today, Japan's most important weapons contractor, Mitsubishi Heavy Industries, confirmed that its network was compromised by an unknown group of cyber-criminals looking for mission-critical information on submarines and missiles.

Apparently, the attack was carried out via a spear phishing campaign targeting Mitsubishi staff. In spear phishing, a key person is contacted through an e-mail message that is usually laced with personal details in order to gain their confidence and con them into revealing sensitive information or into installing a piece of malware on a network node. This is not the first cyber-attack aimed at defense contractors that used e-mail as the infection vector.

Google confirmed that, in February 2011, a number of Gmail addresses belonging to US, Taiwanese and Chinese military officials were compromised via spear-phishing techniques. While the Gmail hack may have exposed some sensitive information, today's breach of the Mitsubishi Heavy Industries network is a different ball game.

Here are some scenarios that cover a potential data leak from a manufacturer of war equipment, including surface-to-air missiles, warships, and submarines:

· Military espionage: defense contractors and weapon-makers have huge research budgets so they can innovate and outpace other governments. Regardless of their advances in the industry, a military data breach would immediately wipe out any such advantage. With stolen classified intelligence, a hostile government could enjoy the same technology at little to no military expense.

· Countermeasures: even the most important military achievement is worth nothing once an opponent gets detailed information on how the technology works, how it is implemented and, most importantly, where its weak spots are.

· Military havoc / terrorism: Mitsubishi Heavy Industries builds missiles for the Japanese government. Some missiles have advanced guidance systems using radio and laser to receive commands via satellite in order to reach their target. Now, the worst-case scenario includes cyber-criminals getting enough information from the Mitsubishi Heavy attack to know how the signal is encrypted and processed. More than that, there have been numerous reports of hacking into commercial satellites. In this context, it's within the realm of possibility that hackers could intercept a test launch and hijack the missiles against a third-party state or objective.

Although there are few, if any, details on the piece of malware used to breach the Mitsubishi network, we strongly doubt that it can match the pervasiveness of Stuxnet. Most likely, the cyber-criminals exploited a vulnerability in the operating system or in additional software in order to plant a regular piece of malware such as a keylogger or a backdoor.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.