Mitsubishi Electric attack down to CCP-hacked VPN server

Back in January, Mitsubishi Electric, one of Japan’s largest electronics and electrical equipment manufacturers, revealed that it had fallen victim to a hack, with agents from the Communist regime in China believed to be responsible.

Details at the time were scarce given the sensitivity of the matter, but now a report into the breach has revealed that it was likely to have been caused by a hacked VPN router.

The Mitsubishi breach

The hack in question is believed to have occurred on June 28th last year and, even though Mitsubishi Electric only made the news public earlier this year, they started investigating the matter in September.

In the initial Japanese media reports, the finger of blame was pointed firmly at a Chinese hacking collective known as Tick or Bronze Butler (not to be confused with TikTok, the social media site which does also have close links to the Chinese Communist regime).

The reports claimed at the time that the hackers gained entry through a compromised user account and stole sensitive data from the company’s internal network. One report stated that this included 200 MB of files, something which Mitsubishi didn’t dispute.

Given Mitsubishi’s defence and infrastructure roles in Japan, the hack was treated with the utmost severity and Mitsubishi worked with members of Japan’s Ministry of Defence and other government officials on addressing the issue.

A compromised VPN server

Mitsubishi completed their report into the hack in February but only now has a summary of its findings been made public.

They discovered that the hackers succeeded in planting a virus onto several personal computers at Mitsubishi’s offices in China and then spread it back to their headquarters in Japan.

According to the report, traces of illegal access were found on the VPN of a company data centre in China, suggesting that this, rather than a compromised user account, was what the hackers used to gain access to Mitsubishi’s network.

It is important to stress that Mitsubishi would have been using a corporate VPN designed to help their various offices around the world connect and share information securely. This is a very different type of technology to the personal VPNs you and I are using.

The VPN router was reportedly the first thing the hackers accessed. They then used this server to illegally access the company’s corporate network and access sensitive information.

There have been no further details about what they might have accessed, and Mitsubishi has refused to formally comment further on the hack because “it involves our company’s security system.”

One final interesting point in the report is who Mitsubishi Electric now appears to believe was responsible for the attack. They have named a hacking collective called Black Tech as most likely to be responsible.

Black Tech is known to be a state-backed group of Chinese hackers and several different security experts have highlighted likely links to the Communist People’s Liberation Army.

This appears to confirm that not only did the attack originate in China, but it was carried out with the knowledge and cooperation of the Chinese Communist regime, and that defence and security information was most likely what they were after.

Lessons to learn from the Mitsubishi Electric hack

While Mitsubishi Electric has refused to confirm what information was stolen in the hack, it appears to be just the latest in a very long line of hacks of this nature that can be traced back to the Chinese Communist regime.

Their theft of intellectual property and security information is legendary and there is no sign that their efforts to steal such information have slowed down despite the coronavirus pandemic.

But at a time when businesses around the world are being forced to roll out remote working at speed, they are more vulnerable to such attacks than usual.

The use of corporate VPNs has risen significantly in the past few months and this is not the only example where hackers have succeeded in compromising a server of one of these entities.

This is why it is so important for companies not just to choose any corporate VPN but to find the right one for them, ensure it is rolled out properly to their staff, and make sure everyone using it has access to the appropriate training to keep themselves and their company safe and secure.

The same is also true for those small businesses and individual workers who are using personal VPNs to keep themselves safe online. Take the time to familiarize yourself with the software and optimise the settings to suit your needs.

While the Chinese Communist Party is one of the biggest online threats out there, it is by no means the only one. And while we are all being told to stay safe in the real world, it is also extremely important that we do so online as well.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.
