Fujitsu SaaS attack leaves Japanese government in turmoil

Threat actors gained access to Fujitsu’s systems by compromising its software-as-a-service (SaaS) platform, stealing documents from several official Japanese government agencies.

According to an article by analytics firm Recorded Future, the Japan-based tech giant temporarily disabled ProjectWEB Enterprise after learning of the attack, which so far has affected the Ministry of Land, Infrastructure, Transport and Tourism, the Cabinet The Secretariat and Narita Airport, but possibly other victims.

ProjectWEB is a cloud-based enterprise collaboration and file sharing platform that Fujitsu has been operating since the mid-2000s and is currently used by some agencies of the Japanese government.

The Fujitsu Cabinet Cyber ​​Security Center (NISC), which is investigating the incident, said the vulnerability was discovered on Monday and issued an advisory the next day directing all government agencies to take countermeasures to check if they were using ProjectWEB.

If so, the NISC recommends that agencies investigate to see if they too have been compromised and promptly report unauthorized access or data breaches, according to a statement posted online Tuesday.

Platform is disabled

Under pressure from the NISC, Fujitsu decided on Tuesday to suspend the operation of ProjectWEB and apologized for the loss and inconvenience caused to its customers by the breach.

“We, with the cooperation of our clients, remain committed to the investigation and analysis of all projects using ProjectWEB, and we take this case very seriously and will continue to consult with the appropriate authorities and do everything we can to support the victims,” ​​the statement said.

Although Fujitsu did not disclose the details or scope of the stolen documents, a report in Japanese media said the attackers’ stolen documents contained the email addresses of more than 76,000 Ministry of Land, Infrastructure, Transport and Tourism employees and contractors.

According to another report by Japanese public broadcaster NHK, air traffic control data at Tokyo’s Narita Airport was also stolen. Authorities also did not reveal who was behind the attack and what their motives might have been.

Governments targeted by hackers

The attack was the second cyber attack on the Japanese government in a month. In late April, attackers exploited two vulnerabilities in a popular file-sharing server of Japan’s Solito company to break into corporate and government systems and steal sensitive data, in what became a serious incident affecting the Prime Minister’s Cabinet Office. Global hacking campaign. The incident is similar to a series of Accellion attacks earlier this year.

In fact, government agencies and their affiliates around the world have also recently suffered a spate of cyber-attacks that have caused varying degrees of damage.

The magnitude of the ransomware attack on major U.S. oil supplier Colonial Pipeline earlier this month was evident. About a week later, the Irish Ministry of Health was hit with two ransomware attacks, one successful and one unsuccessful, that severely disrupted medical services and appointments, causing tens of millions of dollars in damage.

The ProjectWEB incident is also not the first time Fujitsu has suspended service operations due to a security incident. In 2019, the company discontinued the LX901, the then-popular Fujitsu wireless keyboard set, after researchers found it vulnerable to injection attacks that could allow attackers to take control of a victim’s system.

The Links:   BSM30GP60   LM641836