
According to sources, Chinese hackers used a zero-day in the Trend Micro OfficeScan antivirus during their attacks on Mitsubishi Electric.
Trend Micro has now patched the vulnerability, but the company did not comment on whether the zero-day was used in other attacks beyond Mitsubishi Electric.
News of the Mitsubishi Electric hack became public on Monday, when in a press release published on its website, the Japanese electronics vendor and defense contractor said it was hacked last year.
After detecting an intrusion on its network on June 28, 2019 and following a month-long investigation, Mitsubishi said it discovered that hackers gained access to its internal network from where they stole roughly 200 MB of files.
While initially the company didn't reveal the content of these documents, in an updated press release, the company said the files contained primarily information on employees, and not data related to its business dealings and partners.
According to Mitsubishi, the stolen documents contained:
* Data on employment applications for 1,987 people
* The results of a 2012 employee survey that was filled in by 4,566 people from its head office
* Information on 1,569 Mitsubishi Electric workers that retired between 2007 and 2019
* Files with corporate confidential technical materials, sales materials, and others.
According to reports, the hack originated at a Mitsubishi Electric Chinese affiliate and then spread to 14 of the company's departments/networks. None of this was confirmed by the Japanese company; it was discovered by Japanese reporters. The only technical detail about the hack that Mitsubishi Electric disclosed was that hackers exploited a vulnerability in one of the antivirus products the company was using. The hackers exploited CVE-2019-18187, a directory traversal and arbitrary file upload vulnerability in the Trend Micro OfficeScan antivirus.
When it patched CVE-2019-18187 back in October, Trend Micro warned customers that the vulnerability was being actively exploited by hackers in the wild.
According to a security advisory Trend Micro sent out in October 2019, "affected versions of OfficeScan could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE)."
In a case study on its website, Trend Micro lists Mitsubishi Electric as one of the companies that run the OfficeScan suite.