Japan’s Mitsubishi Electric targeted in cyberattack blamed on Chinese hackers

Mitsubishi Electric, a major defence and electronics firm in Japan, said no sensitive information had been compromised
The cyberattack means Japanese companies are likely to redouble efforts to protect their private data

Japan

Julian Ryall

Published: 3:30pm, 20 Jan 2020

Why you can trust SCMP

Mitsubishi Electric Corp, one of Japan’s largest defence and electronics firms, confirmed on Monday it had been the target of an extensive cyberattack but said no sensitive information had been obtained by the hackers.

Local media reported that a cybercrime group based in China was believed to be behind the attack, with an analyst suggesting the large-scale assault on one of Japan’s most powerful corporations may force more companies in the country to reassess their vulnerabilities.

In a statement on Monday morning, the Tokyo-based firm said internal checks identified irregular activity on a device in Japan on June 28 last year. An internal investigation subsequently found that hackers had been able to gain access to the management section at the company’s headquarters and at a number of branch offices, targeting employees’ personal computers and company servers.

The head office of Mitsubishi Electric Corp in Tokyo, Japan. Photo: Kyodo

The company immediately restricted external access to its facilities, while the investigation “confirmed that no technical information or important information related to our business partners has been leaked”.

Kyodo reported that email exchanges with the Defence Ministry and Nuclear Regulation Authority and documents relating to projects with private firms could potentially have been compromised.

Chief Cabinet Secretary Yoshihide Suga said the government had been notified, and that the targeted information related to job applicants and employees of the company, as well as its sales and technologies.

“They have confirmed there is no leak of sensitive information regarding defence equipment and electricity,” Suga said.

In the statement, Mitsubishi Electric apologised for “causing great worry and inconvenience”.

Japan's Chief Cabinet Secretary Yoshihide Suga confirmed that no sensitive defence or electricity information had been compromised in the Mitsubishi Electric cyberattack. Photo: Bloomberg

Ivan Tselichtchev, a professor of business at Niigata University of Management, said cybersecurity is becoming a major issue in Japan. “Something like this means that companies are going to be paying more and more attention to having higher levels of security than they have had to date.

“Up until now, there have not been many structural issues impeding Japanese companies’ management, but from now on the risk will be higher and firms will have to do more to protect themselves,” he said.

Keep out, hackers: simple tips to protect smart home devices

If more evidence emerges linking a Chinese group to the attack, it is likely that Tokyo and the Japanese business community with a presence in China will make official – but very private – representations to Beijing to take steps to block future assaults on firms’ private data, Tselichtchev said.

Simultaneously, Japanese companies will “refocus efforts” to protect their private data, he added.

The logo of Mitsubishi Electric Corp. Photo: Kyodo

Founded in 1921, Mitsubishi Electric is a core company of the Mitsubishi conglomerate and produces energy and electric systems, electronic devices, industrial automation systems, information and communications equipment, home appliances and systems for Japan’s space projects. It was the third-largest contractor for Japan’s defence ministry in 2018. It has also been involved in the cybersecurity business.

Additional reporting by Kyodo

This article appeared in the South China Morning Post print edition as: Chinese group suspected of cyber hit on Mitsubishi unit

Post