Threat Management, Breach, Threat Management, Threat Intelligence, Data Security

Mitsubishi Electric discloses June 2019 breach; Tick hacking group reportedly blamed

Japanese manufacturer Mitsubishi Electric has acknowledged its discovery last June of a data breach perpetrated by an unauthorized third party that accessed both personal employee information and corporate materials.

The public disclosure came amid multiple English and Japanese news sources publishing details on the incident [1, 2, 3, 4, 5], which experts believe may be the work of the Tick hacking group, also known as the suspected Chinese cyber espionage actor Bronze Butler.

According to reports, the malicious actor was privy to data corresponding to more than 8,000 current and former employees, as well as various job-seekers who applied for a position between 2011 and April 2020. This reportedly includes results from a 2012 survey about a human resources system, and data on 1,569 retirees who received severance pay sometime between between 2007 and 2019.

Compromised information may include names, birthdates, telephone numbers and places of work.

On the corporate client side, the hack reportedly exposed data belonging to over 10 government organizations and dozens of businesses, some of which work in the defense, energy, transportation and telecom sectors. Impacted government agencies include the Ministry of Defense, the Nuclear Regulatory Commission and the Agency for Natural Resources and Energy.

Mitsubishi claimed in a brief corporate statement that the accessed government materials did not involve "technical information or important information related to business partners," and that "no damage or impact related to this matter has been confirmed."

According to an Asahi Shinbum report, Mitsubishi detected the suspicious cyber activity at its at its Information Technology R&D Center in Kamakura, Kanagawa Prefecture. Further investigation revealed that more than 40 servers and more than 120 computer terminals located in Japan and overseas were affected.

The report says the attackers invaded Mitsubishi's network by initially compromising an affiliated company in China before and using that access to advance into the main company systems. Asahi further noted that the took place a short time before before Mitsubishi Electric started providing a cybersecurity service for public facilities and office buildings.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.