Hackers Exploited Fujitsu SaaS Targeting Japanese Govt Agencies In New Supply-Chain Attack

A serious cyber attack has recently been brought to the attention of numerous Japanese government agencies. In what appears a supply-chain attack, the hackers exploited Fujitsu software to break into the agencies’ network and steal data.

Fujitsu Supply-Chain Attack Targeted Japanese Agencies

Reportedly, a serious hacking attack has collectively targeted multiple government agencies in Japan.

As it turns out, the attackers basically exploited a SaaS platform from Fujitsu – the ProjectWEB – to conduct the attack.

For now, it remains unclear whether the attackers exploited a vulnerability in the software or infiltrated the platform by some other means.

Yet, the Ministry of Land, Infrastructure, Transport, and Tourism, Japan, has revealed that the attackers managed to steal huge data. This includes at least 76,000 email addresses, email system settings, and proprietary information.

Though, they assured that the incident didn’t cause any system failures or business interruptions. Also, they pledged to inform the relevant users of the leaked email addresses about the attack individually.

Besides, Japanese media has also reported the potential impact of this attack on the Narita Airport, Tokyo, as well. As stated,

The hackers accessed the software at Narita Airport east of Tokyo and stole data on air traffic control, prompting the Cabinet Secretariat’s national cybersecurity center to alert establishments that use the software.

Fujitsu ProjectWEB Platform Went Offline

In the wake of the recent supply-chain attack, Fujitsu has announced taking down the ProjectWEB Platform in a press release. As stated in it [translated],

The scope and cause of this incident are currently under investigation, and the operation of “Project WEB” has been suspended to prevent further unauthorized access.

For now, details of the attack that how the attackers infiltrated the network and their identity, remain unclear.

Nonetheless, Fujitsu has pledged to continue investigating the matter.

Given the apparent huge impact, this incident may also turn huge following the likes of SolarWinds, Accellion, or Codecov attacks.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients