Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Fujitsu. Show all posts

Is Your Data Safe? Fujitsu Discovers Breach, Customers Warned

 


Fujitsu, a leading Japanese technology company, recently faced a grave cybersecurity breach when it discovered malware on some of its computer systems, potentially leading to the theft of customer data. This incident raises concerns about the security of sensitive information stored by the company.

With a workforce of over 124,000 and an annual revenue of $23.9 billion, Fujitsu operates globally, providing a wide range of IT services and products, including servers, software, and telecommunications equipment. The company has a strong presence in over 100 countries and maintains crucial ties with the Japanese government, participating in various public sector projects and national security initiatives.

The cybersecurity incident was disclosed in a recent announcement on Fujitsu's news portal, revealing that the malware infection compromised several business computers, possibly allowing hackers to access and extract personal and customer-related information. In response, Fujitsu promptly isolated the affected systems and intensified monitoring of its other computers while continuing to investigate the source and extent of the breach.

Although Fujitsu has not received reports of customer data misuse, it has taken proactive measures by informing the Personal Information Protection Commission and preparing individual notifications for affected customers. The company's transparency and swift action aim to mitigate potential risks and restore trust among stakeholders.

This is not the first time Fujitsu has faced cybersecurity challenges. In May 2021, the company's ProjectWEB tool was exploited, resulting in the theft of email addresses and proprietary data from multiple Japanese government agencies. Subsequent investigations revealed vulnerabilities in ProjectWEB, leading to its discontinuation and replacement with a more secure information-sharing tool.

Fujitsu's response to the recent breach highlights the urgency of safeguarding sensitive data in these circumstances. The company's commitment to addressing the issue and protecting customer information is crucial in maintaining trust and credibility in the digital age.

As Fujitsu continues to investigate the incident, it remains essential for customers and stakeholders to remain careful and implement necessary precautions to mitigate potential risks. The company's efforts to enhance security measures and improve transparency are essential steps towards preventing future breaches and ensuring the integrity of its services and systems.


Kyocera AVX: Electronic Manufacturer Company the Current Target of LockBit


Kyocera, a global electronics manufacturer, has apparently experienced what seems like a data breach, wherein their data was exposed by ransomware gang LockBit on their dark web blog. The company was one of several who felt the aftershocks of a breach at Japanese tech firm Fujitsu last year.

The group has set a June 9 deadline for the payment of an undetermined ransom. According to the blog, "all available data will be published" if the company does not collaborate with the cybercriminals before then.

Kyocera AVX

Kyocera AVX’s clients involves military, industrial and automotive industries, for whom the company manufactures electronic products. It was established in the 1970s, and since 1990, it has been a part of Kyocera, a Japanese electronics business best known for its printers. Over 10,000 individuals are employed by it globally.

On May 26th, security researchers revealed that selected data of the company has been leaked and posted to LockBit’s dark web victim blog.

Apparently, the company’s data was breached following a cyberattack that took place on Fujitsu last year. The attack might have been the reason why LockBit was able to launch a supply chain attack on Kyocera AVX, and other companies that are partnered with Fujitsu via cyber or other social engineering attacks.

According to a Financial Times report, Fujitsu confirmed the attacks in December following a heads-up given by police agency of a potential intrusion. The intrusion further gave outsiders access to emails sent through an email system powered by Fujitsu.

It was later revealed that at least ten Japan-based companies, along with Kyocera AVX were victims of the attack.

LockBit Continues Cyber Activities Against Russia’s Enemy 

Ransomware gang LockBit, which is assumed to have originated in Russia has been on news highlights pertaining to its interest on targeting organizations based in US and allied countries. 

According to a report by security firm Malwarebytes, 126 victims have been posted by the ransomware gang in February alone.

This year, the gang targeted the UK Royal Mail, demanding ransom of $80 million in bitcoin. When the business refused to pay up, labeling the demands "ridiculous," the gang retaliated by sharing the information along with copies of the conversations between LockBit and Royal Mail's officials.

Later, it stole client information from WH Smith, a high-end street retailer in the UK. The hacker used current and previous employees' personal information. Since then, there has been no information indicating whether the business has paid the ransom.

In its recent case, this month, an individual named Mikhail Pavlovich Matveev who claims to have been involved with LockBit, has a bounty of $10 million on his head placed by the FBI. With connections to both the Hive and Babuk organizations, Matveev is believed to be a major participant in the Russian ransomware ecosystem.  

Data From Fujitsu is Being Sold on the Dark Web

 

An organisation called Marketo is selling data from Fujitsu on the dark web, although the firm claims the information "appears to be tied to customers" rather than their own systems. Marketo announced on its leak site on August 26 that it had 4 GB of stolen data and was selling it. They claimed to have private customer information, company data, budget data, reports, and other company papers, including project information, and gave samples of the data.

Fujitsu Limited, based in Tokyo, is a Japanese multinational information and communications technology equipment and services firm founded in 1935. After IBM, Accenture, and AWS, Fujitsu was the world's fourth-largest IT services company by yearly sales in 2018. Fujitsu's hardware portfolio consists mostly of personal and enterprise computing solutions, such as x86, SPARC, and mainframe compatible servers. 

Initially, the group's leak site stated that there were 280 bids on the data, but now it only shows 70 offers. A Fujitsu representative downplayed the event, saying there was no evidence it was linked to a case in May in which hackers used Fujitsu's ProjectWEB platform to steal data from Japanese government agencies. 

"We are aware that information has been uploaded to dark web auction site 'Marketo' that purports to have been obtained from our site. Details of the source of this information, including whether it comes from our systems or environment, are unknown," a Fujitsu spokesperson said. 

Marketo is a reliable source, according to Ivan Righi, a cyber threat intelligence expert at Digital Shadows. The veracity of the material stolen, according to Righi, cannot be validated, but prior data leaks by the group have been found to be real. 

"Therefore, it is likely that the data exposed on their website is legitimate. At the time of writing, Marketo has only exposed a 24.5 MB 'evidence package,' which contained some data relating to another Japanese company called Toray Industries. The group also provided three screenshots of spreadsheets allegedly stolen in the attack," Righi said.

The group has gone as far as sending samples of stolen data to a company's competitors, clients, and partners in the past to embarrass victims into paying for their data back. The group has listed hundreds of firms on their leak site, most notably Puma, and releases one every week, usually selling data from US and European corporations. At least seven industrial goods and services firms, as well as healthcare and technology firms, have been targeted. 

According to Brett Callow, a ransomware expert, and threat analyst at Emsisoft, it's unknown how Marketo gets the data it offers, but there's evidence that the data is frequently linked to ransomware attacks.

Fujitsu ProjectWEB Tool Used as a Doorway to Target Japanese Government Offices

 

Cybercriminals have breached the offices of multiple Japanese agencies by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to its systems. 

A number o confidential files belonging to multiple Japanese government entities were also stolen after attackers gained unauthorized access to projects that used ProjectWEB, Fujitsu stated.

Various agencies including the Ministry of Land, Infrastructure, Transport, and Tourism; the Ministry of Foreign Affairs; the Cabinet Secretariat; and the Narita Airport acknowledged that hackers were able to gain inside information via Fujitsu's information-sharing tool. 

ProjectWEB is a software-as-a-service (SaaS) platform for enterprise collaboration and file platform that Fujitsu has operated since the mid-2000s, and which a number of agencies within the Japanese government currently use. Fujitsu's ProjectWEB enables companies and organizations to exchange information internally, with project managers and stakeholders, for example.

Japanese press reported Narita International Airport, located near Tokyo, was impacted as well since Fujitsu attackers managed to steal air traffic control data, flight schedules, and information on business operations. Japanese press reported that the attackers stole documents that contained more than 76,000 email addresses for employees and contractors for the Ministry of Land, Infrastructure, Transport, and Tourism. However, the local authorities did not confirm the reports in a press conference on Wednesday. 

As a precautionary measure, Cabinet Secretariat's national cybersecurity center (NISC) issued multiple advisories alerting government agencies and critical infrastructure organizations using Fujitsu's tool to check for signs of unauthorized access and information leakage.
 
Fujitsu suspends ProjectWEB online portal 

Fujitsu decided to shut down the ProjectWEB platform on Tuesday to investigate the ‘scope and cause’ of the breach following the pressure from NISC and apologized “for the great concern and inconvenience” the breach caused its customers. 

“We will continue to work on investigating and analyzing the scope of impact and the causes of all projects that use [ProjectWEB] with the cooperation of our customers. We take this case very seriously and will continue to consult with the relevant authorities and make every effort to support the victims. that’s all Inquiries regarding this matter.” reads the data breach notice published by the Japanese firm. 

This is the second cyber incident the government of Japan has suffered in a month. In late April, a malicious campaign exploited two flaws, tracked as CVE-2020-5639 and CVE-2021-20655, in the popular file-sharing server FileZen to steal sensitive data from businesses and government organizations as part of a global hacking campaign that affected the Japan Prime Minister’s Cabinet Office.