Multiple Japanese government agencies were breached through Fujitsu’s “ProjectWEB” information sharing tool.
Fujitsu stated that the threat actors attained unauthorized access to projects that used ProjectWEB, and stole some customer data.
Fujitsu’s ProjectWEB enables companies and organizations to exchange information internally, such as with project managers and stakeholders.
The Ministry of Land, Infrastructure, Transport and Tourism and the National Cyber Security Center (NISC) of Japan announced that attackers were able to get inside information via Fujitsu’s information-sharing tool.
By gaining unauthorized access to government systems via ProjectWEB, attackers managed to get at least 76,000 e-mail addresses, and proprietary information, including the e-mail system settings.
As of 2009, the tool was widely used by approximately 7,800 projects.
The exposed email addresses included those of external parties, such as members of the Council of Experts, who have been individually notified.
According to a press report, Narita International Airport, located near Tokyo, was also affected as Fujitsu attackers managed to steal air traffic control data, flight schedules, and business operations.
Additionally, Japan’s Ministry of Foreign Affairs suffered from a data leak in which some study materials were exposed to unauthorized actors.
So, the Cabinet Secretariat’s national cybersecurity center (NISC) issued multiple advisories alerting government agencies and critical infrastructure organizations using Fujitsu’s tool to check for signs of unauthorized access and information leakage.
Fujitsu has suspended its ProjectWEB portal while the scope and cause of this incident are being fully investigated.
It is not yet clear if this breach occurred due to a vulnerability exploit, or a targeted supply-chain attack, and the investigation process is still ongoing.
Fujitsu states that they will be notifying the relevant authorities and work with their customers to identify the cause of the breach.
According to a Fujitsu spokesperson, the company is currently conducting a thorough review of this incident, and they are in close consultation with the Japanese authorities. As a precautionary measure, they have suspended the use of this tool, and have informed any potentially impacted customers.