New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

Mitsubishi Electric Discloses Cyber-Attack

Mitsubishi Electric, which manufactures electronic goods ranging from household items to defense equipment, announced that they were the victims of a cyber-attack sometime last year. The intrusion came to light for the company last June when it detected unauthorized access to an in-house terminal, described by the company as “suspicious movement” without any further details to clarify what happened. It is possible that the company detected an attacker with control of a workstation leveraging stolen credentials to access the terminal, which is a common attacker technique known as lateral movement. Mitsubishi confirmed that there was no breach of sensitive data related to infrastructure projects that it is involved in but did state that it may have compromised both personal data of employees and “corporate data.”  No further details of how the initial infection took place or what kind of “corporate data” that were targeted have been released at this time.

Analyst Notes

While it is currently unknown who was behind the attack on Mitsubishi Electric, it is important to note that many attackers will reuse different pieces of personal and corporate data from one company to aid in targeting others. Payment invoices, work orders, contracts, and other communicates provide attackers valuable insight into how different companies work and interact with each other, while also helping them identify personnel to target within various organizations. When an attacker is able to spoof an email that appears to come from a person that someone has already had dealings with and is able to include details from previous interactions, it makes the message appear more legitimate. Any time that an attacker is able to make an email seem more legitimate, it increases the likelihood significantly that their phishing attack will be successful. Detecting lateral movement within the network can be a vital first indicator in catching an attacker and keeping them from gaining access deeper into systems. End-point monitoring solutions, such as Binary Defense’s MDR, Managed Detection and Response, can help to detect lateral movement early on so that infected systems can be quickly identified and quarantined. More information on this incident can be found at https://www3.nhk.or.jp/nhkworld/en/news/20200120_18/