Chinese hackers used a zero-day in the Trend Micro OfficeScan antivirus program in attacks on Mitsubishi Electric, ZDNet has learned through its investigations.
Trend Micro has now patched the vulnerability, but the company is not commenting on whether the zero-day was used in attacks other than the one on Mitsubishi Electric.
THE MITSUBISHI ELECTRIC HACK
News of the Mitsubishi Electric hack became public on Monday this week. In a press release published on its website, the Japanese electronics supplier and defense contractor said it was hacked last year.
The company said it detected an intrusion into its network on June 28, 2019. After a months-long investigation, Mitsubishi said it had discovered that the hackers had gained access to its intranet, from which they stole about 200MB of files.
While the company did not initially disclose the contents of these documents, in an updated press release it said the files contained information primarily about employees and were unrelated to the company's business transactions and partnerships.
Trend Micro Zero-Day Antivirus Vulnerability was exploited by hackers to attack Mitsubishi Electric’s system
According to Mitsubishi, the stolen documents contained:
Job application data for 1,987 people
Results of a 2012 employee survey filled out by 4,566 people from headquarters
Information about 1,569 Mitsubishi Electric workers who retired from 2007 to 2019
Files with confidential company technical documents, sales documents and others.
THE ZERO-DAY
This week, Japanese media delved deeper into the hack. According to the reports, the hack originated in a branch of Mitsubishi Electric China, then spread to 14 of the company's divisions/networks.
The hack is said to have been discovered after Mitsubishi Electric employees found a suspicious file on one of the company’s servers.
None of this was confirmed by the Japanese company; it was uncovered by Japanese reporters. The only technical detail about the hack that Mitsubishi Electric revealed was that the hackers exploited a vulnerability in one of the antivirus products the company was using.
A source with knowledge of the attack told ZDNet that the hackers exploited CVE-2019-18187, a directory traversal and arbitrary file upload vulnerability in the Trend Micro OfficeScan antivirus.
According to a Trend Micro security advisory issued in October 2019, “affected versions of OfficeScan can be exploited by an attacker using a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, potentially leading to remote code execution (RCE).”
In a case study on its website, Trend Micro lists Mitsubishi Electric as one of the companies running the OfficeScan suite.
When patching CVE-2019-18187 in October, Trend Micro warned customers that the vulnerability was being actively exploited by hackers in the wild. Japanese media suggested that the breach was the work of a Chinese state-sponsored cyber-espionage group named Tick.