A virtual private network (VPN) router in China was apparently the starting point for a series of cyberattacks against Mitsubishi Electric Corp. that leaked defense secrets and private information, according to sources.
The company disclosed the cyberattacks and leaks in January, and its investigation has raised suspicions that a Chinese group of hackers was responsible.
Use of VPN communications has spread rapidly among companies that have encouraged employees to work from home during the COVID-19 pandemic.
U.S. government agencies and other institutions in March issued a warning about the risk of VPNs being hacked and urged businesses and others to tighten security measures.
According to a summarized report released by Mitsubishi Electric in February, a virus spread among personal computers at the company’s base in China. The attack then expanded to the company’s headquarters in Japan.
Traces of illegal access were found at the VPN of a company data center in China, the sources said.
The VPN makes it possible to connect the company’s headquarters in Japan and bases abroad, including the one in China, via the internet.
Hackers attacked the VPN router first, then illegally accessed the corporate networks, the investigation by Mitsubishi Electrics concluded.
Based on the tactics used and other evidence, the company suspects the attacks were committed by the Black Tech hacking group.
Security-related companies in Europe and North America have deemed Black Tech a nation-backed group of hackers, citing their deft ability to exploit unknown defects hidden in devices and software. Some security experts suspect the group is connected to the People’s Liberation Army of China.
A Mitsubishi Electric representative declined to comment on the tactics used by the hackers because “it involves our company’s security system.”
(This article was written by Tatsuya Sudo, senior staff writer, and Hisashi Naito.)