Hackers Exploited Trend Micro Antivirus Zero-day In Mitsubishi Electric Hack


The Japanese electronics giant Mitsubishi Electric disclosed a hack last week. It now turns out that the attackers exploited a vulnerability in the company's antivirus program to carry out the attack. Specifically, they exploited a zero-day bug in the Trend Micro OfficeScan antivirus.

Mitsubishi Electric Hack Last Year

The Japanese vendor Mitsubishi Electric disclosed a network hack last week in a press release. As revealed at the time (through the translated version of the press release), their network suffered the attack in June 2019. As a result, their system exposed data to the attackers, including “personal information and corporate confidential information”. They did specify that the incident did not expose any important data relating to business partners. However, they did not reveal much technical detail about the incident.

Then, in an updated press release, they confirmed that the incident occurred due to unauthorized access to their network and may have leaked some “trade secrets”.

According to the (translated version of the) press release, some 200 MB of files were exposed, including data such as employment applicant information (1987 people), employee information (4566 people), and data related to retired employees of affiliate companies (1569 people). It also included some corporate data such as “technical material, sales materials, etc.”.

Furthermore, they also explained the cause behind the attack, which turned out to be a bug in their antivirus. As stated (translated),

The third (party) that exploited the vulnerability before the release of the security patch of the antivirus system used by our company.
This is due to unauthorized access by the user.

About Trend Micro Bug

Recently, ZDNet revealed that the attackers may have exploited a zero-day vulnerability (CVE-2019-18187) in the Trend Micro OfficeScan antivirus. It was a serious directory traversal vulnerability affecting Trend Micro OfficeScan 11.0 SP1 and XG that could allow remote code execution. As described in Trend Micro's advisory:

Affected versions of OfficeScan could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.

Trend Micro also confirmed “attempts of potential attacks against this vulnerability”, thus urging customers to update if they are running the vulnerable software.
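The advisory combines two things: a directory traversal and the extraction of a zip file into a folder on the server. The following Python code is an added example of the defensive checks for that class of bug; it is not Trend Micro's code and is not from the original article. The advisory does not say which path was traversable, so the example assumes both the requested archive name and the member names inside the archive must be contained; all function and file names are hypothetical.

```python
import tempfile
import zipfile
from pathlib import Path

class UnsafePath(Exception): """A path resolved outside the directory it must stay in."""

def contained(base: Path, candidate: Path) -> Path:
    """Resolve candidate and require the result to lie inside base."""
    base, resolved = base.resolve(), candidate.resolve()
    if base not in resolved.parents:
        raise UnsafePath(f"{candidate} escapes {base}")
    return resolved

def safe_extract(archive_root: Path, archive_name: str, dest: Path) -> list:
    """Extract archive_root/archive_name into dest, refusing traversal in the
    requested archive name and in the member names inside the archive."""
    archive = contained(archive_root, archive_root / archive_name)
    written = []
    with zipfile.ZipFile(archive) as zf:
        # Validate every member first so a bad archive writes nothing at all.
        targets = [(m, contained(dest, dest / m.filename)) for m in zf.infolist()]
        for member, target in targets:
            if member.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(member))
            written.append(target.relative_to(dest.resolve()).as_posix())
    return written

def demo() -> dict:
    """Run the checks on constructed sample archives in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root, dest = Path(tmp, "archives"), Path(tmp, "dest")
        root.mkdir()
        dest.mkdir()
        with zipfile.ZipFile(root / "good.zip", "w") as zf:
            zf.writestr("conf/agent.ini", "ok")
        with zipfile.ZipFile(root / "bad.zip", "w") as zf:
            zf.writestr("../outside.txt", "x")  # member that climbs out of dest
        Path(tmp, "elsewhere.zip").write_bytes((root / "good.zip").read_bytes())
        results = {"good.zip": safe_extract(root, "good.zip", dest)}
        for name in ("bad.zip", "../elsewhere.zip"):
            try:
                results[name] = safe_extract(root, name, dest)
            except UnsafePath:
                results[name] = "rejected"
        results["escaped"] = Path(tmp, "outside.txt").exists()
        return results
```

Both checks compare fully resolved paths, so `..` segments and absolute member names are rejected before anything is written to disk.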

It seems likely that the attackers exploited the Trend Micro antivirus bug to hack Mitsubishi Electric's systems. Nonetheless, official comments on this speculation are yet to arrive.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]