ProjectWEB is a tool used by Japanese agencies to share information. According to Fujitsu, the breach happened through unauthorized access to various agencies’ offices.
According to officials, the attackers were able to access inside information stored by Fujitsu through its information-sharing tool.
In addition, the attackers gained unauthorized access to ProjectWEB’s databases and stole sensitive data.
According to the Ministry of Land, Infrastructure, Transport, and Tourism, through ProjectWEB, attackers were able to gain unauthorized access to over 76,000 e-mail addresses and various proprietary information from government agencies.
As of 2009, the tool was used by around 7,800 projects. The exposed email address included those of external parties and individuals.
The hackers also stole data from Tokyo’s Narita Airport, among it air traffic control data, flight schedules, and business operations data. In addition, the Japanese Ministry of Foreign Affairs suffered a data breach, exposing some study materials to unauthorized parties.
The Cabinet Secretary’s National Cyber Security Center (NCSC) issued several advisories to inform government agencies and critical infrastructure organizations about the unauthorized access.
Due to an unauthorized access issue with its ProjectWEB portal, Fujitsu has suspended its use while the breadth and cause of the problem are investigated. Fujitsu has confirmed that a breach has occurred and they will be informing the relevant authorities and their customers:
“Fujitsu can confirm unauthorized access to ‘Project WEB,’ a collaboration & project management software, used for Japanese-based projects. Fujitsu is currently conducting a thorough review of this incident, and we are in close consultation with the Japanese authorities. As a precautionary measure, we have suspended [the] use of this tool, and we have informed any potentially impacted customers,” a Fujitsu spokesperson told BleepingComputer.
Since ProjectWEB was hosted on the soln.jp domain,looking for traces of the domain or the aforementioned URL in your network logs is one approach to see if your company was impacted or was a ProjectWEB’s customer at some point.
Although the details behind the attack are still unknown, it brings to memories the Accellion file-sharing tool hack.