TADATSUGU SHIMAZU, Nikkei staff writer
TOKYO — A group of Chinese hackers has struck businesses across Japan and South Korea, employing techniques designed to evade conventional cybersecurity defenses.
The latest attack was reported Monday by Japan’s Mitsubishi Electric. Cyberthieves may have gained access to more than 8,000 pieces of personal information, the company said, but reported that no highly sensitive information had been compromised.
The Chinese hacker army known as Tick is suspected of involvement in the attack, said a source close to the investigation. The group has targeted tech companies in South Korea.
Tick’s favored method of operation begins by stealing email accounts belonging to private market research firms. The hackers then send emails to Chinese subsidiaries of target corporations in the guise of the research firms.
The emails contain malware that can be controlled remotely by Tick. Using the subsidiary’s computer system as a steppingstone, the hackers can gain access to the parent company’s networks and steal sensitive information.
Tick has grown increasingly active since roughly November 2018, when the group accelerated its development of malware, Tokyo cybersecurity company Trend Micro said. The hackers continuously modify malware and other tools to slip past cybersecurity software and device scans.
The infiltrators also have become adept at covering their tracks. It can take years before a company discovers the breach. Some in the Japanese government fear that hackers have compromised businesses other than Mitsubishi Electric.
But Tick is not the only hacker collective. In December 2018, the U.S. and Japan issued statements condemning a team called APT10.
Japan has urged domestic companies to bolster cyber defenses, and the Defense Ministry is rolling out tougher security standards for contractors. The level of compliance will be similar to what is required by the U.S. Department of Defense.