Fujitsu revealed that attackers behind the data breach in May exploited a weakness in Fujitsu’s ProjectWEB information-sharing platform to hijack accounts from genuine users and access confidential data belonging to numerous Japanese government entities. During the ProjectWEB breach, the threat actors obtained access to at least 76,000 email accounts.
Following the attack, the Cabinet Secretariat’s national cybersecurity center (NISC) advised [1, 2] government agencies and critical infrastructure companies to check for illegal access or data leakage symptoms using Fujitsu’s ProjectWEB tool.
Today, the business said that the investigation into the incident discovered multiple security flaws that attackers may have used to obtain access to ProjectWEB accounts. They got illegal access by hijacking real users’ ProjectWEB accounts, which allowed them to blend in and elude detection, as revealed during an internal examination.
“One of these was used to illegitimately obtain legitimate IDs and passwords to make unauthorized access to ProjectWEB in such a way that it appeared like an authorized user was accessing the tool through normal channels of authentication and communication,” Fujitsu said.
“At present, the cause of this incident and our company’s response are additionally being verified by a committee comprised of external experts. In addition, from an objective and technical perspective, Fujitsu is consulting with the National center of Incident readiness and Strategy for Cybersecurity (NISC) to confirm the appropriateness of the investigation into the cause of this incident and the confirmation of the extent of impact of the incident. Based on the results of the verification by the external committee and advice from Japan’s NISC and other relevant authorities, Fujitsu will summarize this matter at an appropriate time.”
Following the breach’s discovery, the firm halted and canceled the ProjectWEB site, with plans to launch and transition users to a new zero-trust project information sharing solution. Since mid-December 2020, hundreds of client organizations, including banks, government agencies, and IT corporations, have been impacted by a hacking campaign targeting Accellion File Transfer Appliance (FTA).
Fujitsu is a global technology corporation headquartered in Japan that employs over 126,000 people in over 100 countries. Fujitsu reported $34 billion in consolidated revenue in the previous fiscal year.