A security incident at Kawasaki Heavy Industries has potentially exposed sensitive data to external parties, the company has confirmed.
The Japanese firm, which manufactures motorcycles, military aircraft, and industrial machinery, among many other products, said an internal audit back in June revealed that its domestic servers had been accessed via an overseas office in Thailand.
It later discovered further unauthorized access via satellite offices in Indonesia, the Philippines, and the US.
Local media reported that the access started in September 2019 at the latest. The Japan Times also quoted Kawasaki as saying that administrator ID and passwords had been stolen as part of the incident.
Without a trace
Tokyo-headquartered Kawasaki said that entry to its servers “had been carried out with advanced technology that did not leave a trace”.
A news release (PDF) issued yesterday (December 28) stated that an investigation revealed that information related to “unknown content” may have been leaked to a third party.
It is not yet clear what type of data was accessed, nor how big the leak was.
According to the Japan Times, the cyber-attack may have been launched in an effort to obtain “defense-related information”, although this has not been confirmed.
The security alert reads: “[S]ince the confirmation of unauthorized access, [the] Kawasaki special project team engaged with an independent external security specialist firm [and] has been investigating and implementing countermeasures.”
It added: “[A]t the present time, we have found no evidence of leaking information including personal information to external parties.
“Customers who may have been affected by this unauthorized access are being contacted
individually.”
Kawasaki has also established an in-house cybersecurity team, which it says will “strengthen
security measures, analyzing the latest unauthorized access methods, to prevent recurrence”.
The Daily Swig has reached out to Kawasaki for further comment and will update this article accordingly.
Source: https://portswigger.net/daily-swig/kawasaki-heavy-industries-reports-data-breach-as-attackers-found-with-year-long-network-access