‘Kawasaki Heavy Industries’ has published an announcement disclosing an incident of unauthorized access to its systems. According to the details given in the news release, the identification of the access occurred as far back as in June 2020, when a system from a Thailand based office was found to have established a connection with Japan-based servers of the firm. The subsequent investigation revealed more cases of unauthorized access from overseas offices in Indonesia, the Philippines, and even other locations in Japan.
Kawasaki blocked access from all of these locations, strengthened the access-related restrictions, and looked into the logs to figure out what was accessed or exfiltrated. According to what they are now in a confident position to state, there is no evidence of information leaks to external networks, and neither is there anything to suggest that the hackers still have access. The reason why it took the company so much time to announce this was the very scope of the investigation, involving 3,000 terminals overseas and approximately 26,000 terminals in Japan and Thailand.
Kawasaki is known for manufacturing motorcycles and engines, but the Japanese public corporation is also engaged in the field of aerospace and defense equipment. As such, the possibility of state-supported actors looking to access military secrets is very much extant. This year, we have seen such occurrences with Mitsubishi Electric admitting that hackers stole missile system details in May and a report revealing that Chinese actors (“Cicada”) have been performing stealthy cyber-espionage against top-level Japanese entities for an extensive period of time.
In this case, Kawasaki couldn’t discern the specific breach date, as the unauthorized connection was revealed during an audit and not as a result of a security system alarm. However, there are some signs that it started in September 2019. What they were able to figure out was the way in, and apparently, the hackers held valid administrator credentials. It is also unknown if the various different connections from the individual offices were controlled by the same actor or different ones.
If you are a customer of Kawasaki and you’re worried about the incident, you may check your emails. The firm promised to notify all of the potentially affected clients by contacting them individually. Because your data may have been accessed by hackers over a year ago, you may have already fallen victim to fraud. If you suspect that, contact the law enforcement authorities and share all the details immediately.