Mitsubishi data breach

Mitsubishi Electric Corporation announced that it experienced a major data breach in June 2019 that has been traced back to a Chinese hacking group.

“[O]ur network has been subject to unauthorised access by third parties. We have confirmed that trade secrets may have leaked out,” the company announced in a brief press release January 20. 

The announcement from the electronics giant was released shortly after two Japanese newspapers, Nikkei and Asahi Shimbum reported on the breach.

“The leaked information seems to include information on social infrastructure such as defense, electric power and railways, information on ordering and development of products with business partners, and materials from executive meetings,” reported Nikkei

The company admitted that some data had been compromised, but denied that the data included defense contract and partner information. Japanese Secretary-General Yoshii Kan confirmed this in a press conference, stating that there was “no leak of sensitive information.”

According to Mitsubishi, the breach occurred as the result of a zero-day vulnerability in its anti-virus software that was exploited by hackers.

Asahi Shimbum has attributed the breach to Tick (also known as Bronze Butler and RedBaldKnight), a Chinese Advanced Persistent Threat (APT) group that has been linked to several other hacking campaigns against Japanese defense, biotech, and electronics companies.