Attackers did after all steal plans for fighter jets and nuclear power plant safety systems during August’s hack of Japanese defence contractor Mitsubishi Heavy, sources in the country have claimed.
The unsourced revelation in the Japanese press adds more detail to what has always looked like a serious attack on several companies the gravity of which the authorities have always attempted to play down.
Suspicions of a targeted attack sounded alarm bells when Mitsubishi admitted in September that password-stealing Trojan and other malware had been used to infect 83 PCs and servers at the company across 11 facilities in the country.
After saying it believed that this incursion caused on serious data loss, unidentified sources have now told Japanese newspapers that a forensic investigation of additional PCs has revealed significant data loss.
It was later reported that an intermediary for the attack appeared to be a compromised PC inside the Society of Japanese Aerospace Companies (SJAC).
There was now “firm evidence” that secret data relating to a range of defence equipment including fighter jets and helicopters and nuclear power stations had been transmitted to points outside the company, a potential calamitous breach of data security.
Concern will now turn to other companies in the defence sector believed to have been part of the same attack, including Kawasaki Heavy, in what is fast becoming Japan’s most serious ever high-level security breach.
Suspicions will centre on China, which is also now being connected to a separate cyberattack in which the passwords for politicians in the country’s Lower House legislature were stolen.
"A response to cyber-attacks is an important challenge in terms of national security and crisis management. We want to take all possible measures," Japanese chief cabinet secretary Osamu Fujimura reportedly told local journalists in a news conference after hearing of the attack on the country’s politicians.