Fujitsu has announced that the data breach that occurred in May 2021 was caused by the theft of legitimate users' accounts, using a vulnerability in its ProjectWEB information sharing tool, to access proprietary data owned by several Japanese government agencies.
Fujitsu has announced the latest investigation results and countermeasures regarding the unauthorized access incident to Fujitsu’s tool “ProjectWEB” announced earlier this year.
In response to the issues uncovered in the verification of the incident, Fujitsu appointed a full-time CISO on October 1 of this year and is formulating measures to prevent recurrence under a new information security management and operation structure. In order to resolve this issue, we will introduce a new project information sharing tool with robust information security measures including Zero Trust, and migrate our project management operations. In addition, as a result of our review, we have decided to discontinue using the existing information sharing tool.
Japan’s National Cyber Security Center (NISC) and the Ministry of Land, Infrastructure, Transport and Tourism (MLIT) had revealed that at least 76,000 email accounts were accessed in an information leak using ProjectWEB.
In response to this incident, the National Cyber Security Center (NISC) of the Cabinet Secretariat called on government agencies and critical infrastructure organizations that use Fujitsu’s ProjectWEB tools to check for signs of unauthorized access and information leaks.
Authentication theft is behind May’s information breach
Fujitsu Limited announced that unauthorized access to ProjectWEB, a service provided by Fujitsu, had occurred, and an internal investigation revealed that the attackers had stolen the ProjectWEB accounts of legitimate users to gain unauthorized access, thereby blending in and evading detection.
The cause of this unauthorized access was the unauthorized acquisition of ProjectWEB accounts: legitimate IDs and passwords were fraudulently obtained, making it appear that a legitimate user was accessing the tool through normal authentication and communication methods.
We are currently working with a committee of outside experts to conduct additional review of the cause of this incident and our response.
ProjectWEB is no longer offered
Fujitsu Limited has suspended and discontinued the ProjectWEB portal following the revelation of this incident, and is in the process of introducing and migrating to a new project information sharing tool developed based on the Zero Trust concept.
To address the issues raised by this incident, we have implemented a new project information sharing tool with robust information security measures, including those in line with Zero Trust Practices, and will be migrating our project management operations to the new tool.
This incident is very similar to the hacking attack targeting the Accellion File Transfer Appliance (FTA), which has affected hundreds of customer organizations since mid-December 2020, including banks, government agencies, and high-tech companies.
Fujitsu is a Japanese multinational technology company with more than 126,000 employees in over 100 countries. Fujitsu’s consolidated revenue for the last fiscal year was $34 billion.