Posted on May 27, 2021 at 5:57 PM
A recent report revealed that Fujitsu’s “ProjectWEB” information sharing tool was used to breach offices of multiple Japanese agencies.
According to Fujitsu, the threat actors gained unauthorized access to projects that utilized ProjectWEB, stealing some data in the process.
An investigation has been launched to find out more about the breach, but it is unclear whether it resulted from a targeted supply-chain attack or from the exploitation of a vulnerability.
About 76,000 email addresses were accessed
Japan’s National Cyber Security Center (NISC), on Wednesday, stated that the threat actors succeeded in stealing inside information via the information-sharing tool of Fujitsu.
The company also admitted that the threat group was able to access other projects that utilize the ProjectWEB tool.
The tool allows entities to exchange information within their organization, especially among stakeholders and project managers.
The unauthorized access to government systems through ProjectWEB gave the hackers access to about 76,000 email addresses, according to the report.
The intrusion was detected on Monday by Fujitsu, according to the NISC, which is investigating the incident for the Japanese government.
Narita Airport also impacted
A Fujitsu document showed that, as of 2009, the tool was deployed in no fewer than 7,800 projects.
The compromised email addresses also include those from external parties, although the majority of them have been informed.
The Fujitsu attackers also got hold of business operations, flight schedules, and air traffic control data. With such details, the gang attacked Japan’s Narita International Airport.
Also, there was another data leak in Japan’s Ministry of Foreign Affairs, leading to the exposure of study materials to unauthorized actors.
Following these breaches, the NISC has issued multiple advisories to alert other government agencies and organizations still using Fujitsu’s tool. They have been advised to look for signs of information leakage or unauthorized access on their network.
Fujitsu’s ProjectWEB online portal suspended
As the extent of the damage is still under investigation, Fujitsu has suspended its ProjectWEB portal until the investigation is complete. When users try to access the login URL, the request times out.
Security researchers have also weighed in on the hacking incident, advising organizations how to check whether their systems have been impacted.
The ProjectWEB portal is hosted on the “soln.jp” domain, and organizations have been asked to look for traces of the domain on their network logs.
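One way to run that log check, as an added example that is not from the original article or from Fujitsu: it matches `soln.jp` and its subdomains on the parsed hostname, so look-alike domains and URLs that merely mention the string are not flagged. The log layout (timestamp, client IP, then the request fields), the hostnames and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

DOMAIN = "soln.jp"  # domain named in the article

# Constructed sample lines (not real logs): proxy and DNS entries, assumed
# layout "<ISO timestamp> <client IP> <rest of record>".
SAMPLE_LOGS = """\
2021-05-20T09:14:02Z 10.0.4.17 GET https://host1.soln.jp/login 200
2021-05-20T09:15:40Z 10.0.4.17 CONNECT files.SOLN.JP:443 200
2021-05-21T11:02:11Z 10.0.7.3 GET http://notsoln.jp/index.html 200
2021-05-21T11:05:29Z 10.0.7.3 GET http://soln.jp.example.net/a 200
2021-05-22T08:00:00Z 10.0.9.9 query: soln.jp. IN A
2021-05-22T08:01:00Z 10.0.9.9 GET https://example.org/?ref=soln.jp 200
"""

def host_of(token):
    """Return the hostname a log field refers to, normalised for comparison."""
    if "://" in token:
        try:
            host = urlsplit(token).hostname or ""
        except ValueError:          # malformed URL in the log
            return ""
    else:
        host = re.sub(r":\d+$", "", token)   # drop ":443" from CONNECT targets
    return host.rstrip(".").lower()          # drop the DNS root dot, fold case

def find_hits(log_text, domain=DOMAIN):
    """Map client IP -> count, first/last timestamp and matched hostnames."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "hosts": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        ts, client = fields[0], fields[1]
        matched = {h for h in map(host_of, fields[2:])
                   if h == domain or h.endswith("." + domain)}
        if matched:
            rec = hits[client]
            rec["count"] += 1
            rec["first"] = min(ts, rec["first"] or ts)   # ISO timestamps sort as text
            rec["last"] = max(ts, rec["last"] or ts)
            rec["hosts"] |= matched
    return dict(hits)

if __name__ == "__main__":
    for client, rec in sorted(find_hits(SAMPLE_LOGS).items()):
        print(client, rec["count"], rec["first"], rec["last"], sorted(rec["hosts"]))
```

The per-client first and last timestamps give a starting window for reviewing what each internal host exchanged with the portal.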
Fujitsu has also stated that it has informed authorities about the breach and is working with its customers to find out the actual cause.
“Fujitsu is currently conducting a thorough review of this incident, and we are in close consultation with the Japanese authorities,” the company stated after confirming the breach and the attack on Japanese agencies.
Hacking tool similar to the Accellion file-sharing tool
Because the investigation is ongoing, the company has refused to disclose any technical details of the attack. However, the hacking incident and the tools used resemble the work of the Accellion hacking group. The tools used in the recent attack work like the Accellion file-sharing tool, which was used to impact hundreds of entities recently.
The affected organizations include the Narita Airport and Ministry of Land, Infrastructure, Tourism, and Transport. There was a report that the Cabinet Secretariat was affected as well.
However, Chief Cabinet Secretary Katsunobu Kato has revealed that the cabinet’s system was not impacted and its operations have not been hindered in any way. This would be seen as positive news because many agencies using the Fujitsu information-sharing tools were affected.
Second attack this year
The stolen files include several that government workers stored on the ProjectWEB file-sharing platform. Some of the files date back to the mid-2000s, when some Japanese government agencies started using the Fujitsu tool.
This is not the first time the Japanese government has been targeted this year. Last month, a hacking campaign targeted the FileZen file-sharing servers manufactured by Soliton.