Kawasaki: Cyber Incident May Have Resulted in Data LossAttackers Gained Access to Company's Network Through Remote, Overseas Servers
Kawasaki Heavy Industries reported Monday that an unknown threat actor gained access to its internal network through servers located in an overseas office, according to a company statement. The result: Some corporate data may have leaked to a third party.
See Also: Cyber Incident Response Guide
The breach was discovered on June 11, after an internal audit found an unauthorized connection between a company server in Japan and another corporate server located in Thailand, the company says. Communication with the Thai server was immediately severed, but the follow-up investigation found additional unauthorized connections.
"Other unauthorized accesses to servers in Japan from other overseas sites (Indonesia, the Philippines, and the United States) were subsequently discovered," Kawasaki says.
The company did not say when the unauthorized access began or who was behind the attack. Kawasaki did note that its attacker did not leave any traces inside its network.
Kawasaki gave only vague details on what type of information may have been accessed, simply noting that its various business divisions routinely handle important sensitive personal and infrastructure-related information.
Kawasaki Heavy Industries produces a wide variety of consumer products, including motorcycles and marine craft, along with heavy industrial equipment for the energy and aerospace sectors.
The company has since implemented "enhanced monitoring operations" to data moving between overseas offices and tightened access restrictions to block unauthorized accesses.
Kawasaki says the six-month delay in reporting the incident was due to the scope of the attack and the large number of overseas offices that were involved. Four days after finding the intrusion, Kawasaki confirmed that a third party accessed corporate data through the Thai server, but this was only one aspect of the attack. The company did, however, provide a timeline of how the breach unfolded.
- June 15 - Data breach through the Thailand server confirmed;
- June 16 - The Thai server also was used to access additional corporate assets in Japan;
- June 24 - The investigation confirmed that unauthorized access had taken place between corporate assets in the Philippines and Indonesia and Japan;
- July 8 - The company confirmed suspicious unauthorized accesses from overseas offices in the United States to the Japan office and added additional restrictions to the network between the U.S. and Japanese offices.
In the following weeks, the company implemented enhanced network communication restrictions at all overseas and Japanese offices and began a security check of almost 30,000 corporate terminals. By Oct. 30, the company determined that no further unauthorized access was taking place and allowed communication between network terminals located in Japan and overseas to be restored.
Kawasaki also created the Cyber Security Group on Nov. 1. Its task is to strengthen corporate security measures and to keep track of the latest unauthorized access methods to stop a similar incident from happening in the future.
Corporations in the Crosshairs
Kawasaki joins several other major manufacturers who were hit with cyber incidents this year.
In early December, Italian police arrested two employees of the defense contractor Leonardo for installing a backdoor into the company's network. Earlier this year, the Singapore-based defense contractor ST Engineering reported its American subsidiary VT San Antonio Aerospace had been hit with ransomware.