The NEC Group has confirmed that hackers have accessed some of the internal servers that are used by the company’s defense unit. The Tokyo-based tech giant launched an investigation following the detection of unusual activity on its systems, which revealed that a third party had accessed 27,445 files. The company claims that these files do not contain any secrets or personal information, but most of them concern technical details about defense equipment such as submarine sensors. NEC is one of the main contractors of Japan’s defense forces, providing them with radar and communication systems, so these documents likely contained relevant schematics and specifications.
Some local news sources claim that the files accessed were actually contracts between NEC and its partners, and didn’t contain any data that could impact the Japanese defense system. Because NEC has chosen not to clarify what type of data was accessed, the contents remain open to speculation. What the company did clarify, though, was the timing of the attacks, which date to December 2016. NEC was unable to detect the attacks back then and only discovered the intrusion in June 2017 during its regular checks of the network logs.
From then on, NEC’s engineers isolated the infected PCs, deleted the malware, and blocked the infiltrator’s access. A year later, in July 2018, NEC managed to decrypt the encrypted communication between its server and the actor’s C2 infrastructure and finally determined the exact extent of the breach. At that point, NEC informed any individuals who were directly affected by the incident, and the story was kept private among a limited circle of people. That held until Japanese newspapers, which somehow learned about the incident, decided to make the breach public.
These attacks are usually the work of state actors, possibly from China, who steal invaluable technical secrets from competitors to help their country’s industry catch up. About ten days ago, Mitsubishi Electric disclosed a breach that was detected in June 2019 and resulted in unauthorized access to the personal data of thousands of employees. Sources close to the company attribute the attack to the Chinese hacker group known as “Tick”, which goes to show that the Chinese are persistently and systematically going after Japanese trade secrets. This cyber-espionage group has previously targeted organizations in South Korea, Russia, Singapore, and even foreign firms in China itself.