New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Customer Data Stolen in Fujitsu ProjectWEB Breach

Fujitsu’s file and information sharing portal ProjectWEB has been taken offline following a reported data breach. Multiple government agencies in Japan have announced that the attackers had obtained information stored with ProjectWEB. The Ministry of Land, Infrastructure, Transport, and Tourism confirmed that at least 76,000 email addresses, along with proprietary information, had been accessed. Japan’s National Cyber Security Center (NISC) has issued multiple advisories to alert government agencies and critical infrastructure using ProjectWEB to look for signs of unauthorized access or stolen data.

Fujitsu has stated through a press release that they will be notifying authorities while working with customers to identify the cause of the breach. When reached out to by BleepingComputer, a spokesperson for Fujistu replied “Fujitsu is currently conducting a thorough review of this incident, and we are in close consultation with the Japanese authorities. As a precautionary measure, we have suspended [the] use of this tool, and we have informed any potentially impacted customers.”

Analyst Notes

BleepingComputer notes that the ProjectWEB breach is similar to the Accellion FTA (file transfer appliance) attack that occurred in December 2020 where multiple customers of Accellion had data stolen after attackers abused flaws in the service. In this case, ProjectWEB appears to be an external web portal, rather than a hosted appliance. Customers of ProjectWEB should be on the lookout for an increased amount of spam. Any re-used passwords should be changed as a precaution as well. As mentioned in the NISC advisories, customers should also monitor for signs of leaked data where possible. If any credentials were stored in sensitive documents, these should be assumed to be compromised as well.