Japanese industrial manufacturer Kawasaki Heavy Industries announced unauthorized access to its server in Japan, exposing sensitive data.
The company that manufactures industrial machinery, motorcycles, military aircraft, and other products said it discovered an internal audit revealing that its domestic servers were accessed.
Initially, the footprint was traced back to an overseas office in Thailand, then, later on, discovered access via satellite offices in the Philippines, the United States, and Indonesia. Insiders also accessed administrator ID and passwords, stolen from its servers.
The result of this incident is worse, with corporate data being leaked to a third party. Kawasaki noted that communication with the Thailand server was severed, and a follow-up investigation was made to know more information about the incident.
The breach was discovered on June 11, citing a questionable connection between a company server in Japan and another corporate server in Thailand. Going deeper into the audit, the company discovered more unauthorized access in the mentioned countries.
What’s surprising is, the hackers left no trace, which means they carried advanced technology to carry out the hacking operations. Kawasaki didn’t disclose what unknown content was accessed to the third-party but it may contain ‘defense-related information.’
Since knowing the incident, the company has implemented enhanced monitoring operations to move data between overseas offices. Kawasaki also added restrictions and tightened access for servers in a different country.
The six-month delay in reporting the incident was caused by the number of parties involved, and the scope of the investigation. However, the company didn’t provide specific details about the breach but provided a detailed timeline on how the breach unfolded.
Following the discovery on June 11, the same Thailand server used the access to get additional corporate assets in Japan on June 16. On June 24, Kawasaki confirmed the unauthorized access between the Philippines, Japan, and Indonesia.
It was on July 8 when suspicious unauthorized access was discovered in the United States to the Japan office. During this time, Kawasaki has added more restrictions to the network between the two servers.
In the following weeks, Kawasaki has implemented enhanced network communications and began security checks for 30,000 corporate terminals. By Oct. 30, the company discovered no further unauthorized access taking place.
Meanwhile, the company had contacted customers directly, who may be affected by the data breach. Kawasaki also hired an in-house cybersecurity team to ‘strengthen security measures’ and analyze the access methods to prevent a recurrence.