Delaware, USA – January 20, 2020 – After publication information about the data breach in several local newspapers, Mitsubishi Electric released short confirmation with a minimum of details. The company discovered suspicious activity on June 28 last year, and an internal investigation began two months later. According to published materials, the Chinese state-sponsored group Bronze Butler is the main suspect in this attack. A suspicious file was found on one of the company’s servers, and further investigation revealed a compromised account. One of the publications claims that initially the attackers gained access to network one of the affiliates of Mitsubishi Electric in China, and from there they “moved” to Japan. Adversaries managed to gain access to 14 company departments, compromise dozens of systems and steal about 200 MB of sensitive data. To complicate the investigation, the group members deleted access logs. Mitsubishi Electric confirmed that no technical information or important data related to business partners has been leaked.
Mitsubishi Electric is one of the world’s leading names in the manufacture and sales of electrical and electronic products and systems used in a wide range of fields and applications as well as a key player in Japan’s defense and infrastructure industries. Bronze Butler APT is active since 2008, the group conducts cyber espionage operations aimed to exfiltrate intellectual property and other confidential data from Japanese organizations. You can check the MITRE ATT&CK section at Threat Detection Marketplace to learn more about techniques used by the group and find relevant content to secure your organization: https://tdm.socprime.com/att-ck/