Japan Aerospace Exploration Agency hit again by malware

Monday, December 03, 2012

Pierluigi Paganini


(Translated from the original Italian)

The New York Times has recently reported that the Japan Aerospace Exploration Agency was hit by a virus that stole secret information on its newest rockets from an internal computer. The valuable information was stored on a computer at the Tsukuba Space Center, located northeast of Tokyo, where malware that was stealing information was detected. The stolen data includes details on ongoing projects such as Epsilon, a solid-fuel rocket; that last feature makes the data attractive to attackers because of its possible military applications.

The Japanese Epsilon project, started two years ago, is very innovative: it is a new generation of rocket, superior to the existing H-IIA rocket because its reduced size allows satellites to be sent into orbit at a quarter of the current launch cost. But reduced dimensions also mean greater manageability for military purposes; solid-fuel rockets could in fact be used militarily as intercontinental ballistic missiles.

The incident happened last November 21st: security experts detected a malicious agent inside the agency's network that had been silently stealing data related to the agency's advanced projects. The procedure to sanitize the internal network and conduct the necessary forensic analysis was started immediately. The real intent of the offensive is not clear, but it appears to be a targeted attack to steal intellectual property.

This is the second time this year that the Japan Aerospace Exploration Agency has been hit by a cyber attack; last time, a virus stole sensitive information related to another technologically advanced project, the design of an unmanned vessel that ferries cargo to the International Space Station, the “H-2 Transfer Vehicle”.

The Epsilon rocket will be launched next autumn but, as highlighted by the New York Times, it is a complex project with a meaningful technological component and innovative content. We must consider that Japanese industry has been the victim of several attacks during the last year that used different instances of known viruses, hitting mainly defense companies.

The following is a short list of known events:

  • Mitsubishi Heavy Industries (defense contractor), August 2011: Company networks were infected by malware that sent information on defense systems outside.
  • Japan’s lower house of parliament, October 2011: A cyber espionage campaign originating from China exposed sensitive information for at least a month. The infection was possible thanks to a phishing campaign against Lower House members that started in July. In this case too, malware was used for the attack.
  • Japan Aerospace Exploration Agency, January 2012: Malware infected a data terminal at Japan’s space agency, stealing sensitive information including data related to the H-2 Transfer Vehicle.
  • The Japanese Finance Ministry, July 2012: The Japanese Finance Ministry declared that its computers had been infected with a virus from 2010 to 2011, causing leaks of information.

 

Some attacks originated from China, the nation most active in cyber espionage, and it’s my opinion that we are facing the tip of the iceberg; the Elderwood project is the demonstration that groups of hackers are exploiting zero-day vulnerabilities to steal sensitive information and to exploit systems inside critical infrastructures.

Similar events are on the agenda, some revealed, others rightly kept secret. Prevention is crucial; the definition of protective and efficient countermeasures and the adoption and diffusion of security best practices are fundamental.

Pierluigi Paganini

References

http://securityaffairs.co/wordpress/10760/hacking/japan-aerospace-exploration-agency-hit-again-by-malware.html
