
Data From Fujitsu is Being Sold on the Dark Web

 

An organisation called Marketo is selling data from Fujitsu on the dark web, although the firm claims the information "appears to be tied to customers" rather than their own systems. Marketo announced on its leak site on August 26 that it had 4 GB of stolen data and was selling it. They claimed to have private customer information, company data, budget data, reports, and other company papers, including project information, and gave samples of the data.

Fujitsu Limited, based in Tokyo, is a Japanese multinational information and communications technology equipment and services firm founded in 1935. After IBM, Accenture, and AWS, Fujitsu was the world's fourth-largest IT services company by yearly sales in 2018. Fujitsu's hardware portfolio consists mostly of personal and enterprise computing solutions, such as x86, SPARC, and mainframe compatible servers. 

Initially, the group's leak site stated that there were 280 bids on the data, but now it only shows 70 offers. A Fujitsu representative downplayed the event, saying there was no evidence it was linked to a case in May in which hackers used Fujitsu's ProjectWEB platform to steal data from Japanese government agencies. 

"We are aware that information has been uploaded to dark web auction site 'Marketo' that purports to have been obtained from our site. Details of the source of this information, including whether it comes from our systems or environment, are unknown," a Fujitsu spokesperson said. 

Marketo is a reliable source, according to Ivan Righi, a cyber threat intelligence expert at Digital Shadows. The veracity of the material stolen, according to Righi, cannot be validated, but prior data leaks by the group have been found to be real. 

"Therefore, it is likely that the data exposed on their website is legitimate. At the time of writing, Marketo has only exposed a 24.5 MB 'evidence package,' which contained some data relating to another Japanese company called Toray Industries. The group also provided three screenshots of spreadsheets allegedly stolen in the attack," Righi said.

The group has gone as far as sending samples of stolen data to a company's competitors, clients, and partners in the past to embarrass victims into paying for their data back. The group has listed hundreds of firms on their leak site, most notably Puma, and releases one every week, usually selling data from US and European corporations. At least seven industrial goods and services firms, as well as healthcare and technology firms, have been targeted. 

According to Brett Callow, a ransomware expert and threat analyst at Emsisoft, it's unknown how Marketo gets the data it offers, but there's evidence that the data is frequently linked to ransomware attacks.

Cinobi Banking Malware Targets Japanese Cryptocurrency Exchange Users via Malvertising Campaign

 

Researchers at Trend Micro discovered a new social engineering-based malvertising campaign targeting Japanese users with a malicious application disguised as a free porn game, a reward points application, or a video streaming app. 

The malicious application uses a sideloading methodology to show the victim arbitrary web pages and ultimately deploy the Cinobi banking trojan. Researchers say that the malvertising campaign shares much in common with the Cinobi banking trojan they identified last year, but consider it to be a rebranded version of it. The campaign’s configuration remained the same, except that it targets a list of cryptocurrency exchange websites in Japan.

Last year, researchers at Trend Micro unearthed a new banking trojan which was dubbed as Cinobi Banking Trojan. The banking malware was a part of a campaign called “Operation Overtrap”. The campaign was operated by a malicious group known as “Water Kappa”. The malicious group has deployed the trojan in two ways: either via spam or making use of the Bottle exploit kit that contained CVE-2020-1380 and CVE-2021-26411 (2 Internet Explorer exploits). Interestingly, only Internet Explorer users were targeted through these malvertising attacks. 

Throughout 2020 and the first half of 2021, researchers noticed limited activity from the malicious group, with traffic decreasing during the middle of June, possibly suggesting that the group was turning to new tools and techniques. Earlier this month, researchers discovered the banking malware targeting users in Japan by abusing sideloading bugs. Researchers at Trend Micro believe that the same attackers that engaged in the “Operation Overtrap” campaign are behind this new one.

The malvertising campaign targets users by sending malvertisements with five different themes. These malvertisements trick victims into installing the same archive with the malware files. After the victim clicks the download button (“index.clientdownload.windows”), the site downloads the ZIP archive for the main executable file.

Researchers noted that the malicious website can be accessed only via Japanese IP addresses and that the threat actors behind the malvertising campaign are trying to steal cryptocurrency: cryptocurrency account credentials are what they now want to obtain by deploying the Cinobi banking trojan.

Threat actors have designed a few more versions of the banking malware with slight differences. The most important difference is in the configuration file responsible for the form-grabbing functionality. The banking trojan has been spotted targeting users of 11 Japanese financial institutions, including banks and cryptocurrency trading companies. To avoid getting infected, researchers advised users to be extra cautious of suspicious advertisements and install only legitimate applications from trusted sources.

Cyberattacks Zero In on Tokyo Olympics as Games Begin

 

Malware and malicious websites have targeted both event organizers and regular spectators as the Tokyo Olympics' opening ceremony approaches.

According to Tokyo-based Mitsui Bussan Secure Directions, this malware was published to the VirusTotal malware-scanning site on 20 July and has been identified by numerous antivirus software companies throughout the world. 

A fraudulent PDF file masquerades as a Japanese-language document on cyberattacks associated with the Olympics. When users open it, malware enters their computer and deletes the documents. The dubious PDF was allegedly sent to Japanese event officials by hackers in an effort to erase important Olympics-related data. 

Takashi Yoshikawa of MBSD warned about the "wiper" malware. The so-called Olympic Destroyer virus caused severe system interruptions at the 2018 Winter Games in Pyeongchang, South Korea.

TXT, LOG, and CSV files, which can occasionally hold logs, databases, or password information, are targeted for deletion alongside Microsoft Office files. Furthermore, the wiper targets files generated using the Ichitaro Japanese word processor, leading the MBSD team to assume that the wiper was designed particularly for PCs in Japan, where the Ichitaro program is often installed.

Yoshikawa added, "This is the type of attack we should be most concerned about for the Tokyo Olympics, and we need to continue keeping a close eye on this." 

Fraudulent streaming sites have also become a major source of concern for the Games, especially now that COVID-19 concerns have virtually prohibited spectators. The websites, which appeared when users searched for Olympic-related phrases on search engines like Google, require users to accept browser alerts so that malicious advertising can be shown. Numerous sites of this sort have previously been discovered by Trend Micro.

In Japan, Olympic content is provided free of charge on two official streaming service platforms: one operated by state broadcaster NHK, and the other named TVer, which is managed by commercial broadcasters. No other streamers are permitted in the country.

Trend Micro warns that clicking those links might expose the user to attack, and advises viewers to watch the Olympics on officially recognized sites. Fake Olympics websites featuring important keywords like "Tokyo" or "2020" in their domain names are another concern. In a probable phishing attack, the login information of ticket purchasers and volunteers was also exposed online. Organizers are advising prudence in the wake of such dangers.

FujiFilm Shuts Down Network Following Ransomware Attack

 

Japanese multinational conglomerate FujiFilm, headquartered in Tokyo, suffered a ransomware attack on Tuesday night. As a precautionary measure, the company has shut down portions of its network to prevent the attack's spread.

"FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence," the company said in a statement.

FujiFilm is renowned for its digital imaging products but also produces high-tech medical kits, including devices for the rapid processing of COVID-19 tests. Due to the partial network outage, FUJIFILM USA has added a notice to its website stating that it is currently experiencing network problems impacting its email and phone systems. 

“We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities. We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused,” FujiFilm further added. 

Threat hunting and cyber intelligence firm Group-IB estimated that the number of ransomware attacks grew by more than 150% in 2020 and that the average ransom demand increased more than twofold to $170,000.

While FUJIFILM has not stated what ransomware group is responsible for the attack, Advanced Intel CEO Vitali Kremez has told BleepingComputer that FUJIFILM was infected with the Qbot trojan last month.

"Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021. Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group. A network infection attributed to QBot automatically results in risks associated with future ransomware attacks," Kremez told BleepingComputer.

Last week, hackers targeted the Japanese government organizations and gained access to the company's project management platform which resulted in data leaks from various government offices. One ministry had at least 76,000 email addresses exposed, including those belonging to individuals outside of the ministry.

Japanese E-Commerce Platform Mercari Suffers Major Data Breach

 

Mercari, an e-commerce platform, has disclosed a major data breach that occurred as a result of the Codecov supply-chain attack. Mercari is a publicly listed Japanese online marketplace that has recently expanded its operations to the United States and the United Kingdom. 

As of 2017, the Mercari app had been installed by over 100 million people around the globe, making the firm the first in Japan to achieve unicorn status.

The popular code coverage tool Codecov was the victim of a supply-chain attack that lasted for two months. During this two-month period, the attackers modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers’ CI/CD environments.

Using the credentials gathered from the tampered Bash Uploader, the Codecov attackers managed to hack hundreds of customer networks. Now, the e-commerce giant Mercari has disclosed a major impact from the Codecov supply-chain attack on its customer data. The e-commerce platform has confirmed that the Codecov breach exposed tens of thousands of customer records, including financial details, to threat actors.

According to Mercari, its investigation found that the following details have been compromised:

• Between August 5, 2014, and January 20, 2014, there were 17,085 records related to the transfer of sales proceeds to customer accounts. The leaked data included bank code, branch code, account number, the account holder (kana), and the transfer amount. 

• For a select few, 7,966 records on ‘Mercari’ and ‘Merpay’ business associates were revealed, including names, dates of birth, affiliations, e-mail addresses, and more. 

• There are 2,615 documents on certain workers, including those who work for Mercari: employee names, company email address, employee ID, phone number, date of birth, and other information as of April 2021.

• Details of previous staff, vendors, and external company employees who dealt with Mercari 217 customer service support cases between November 2015 and January 2018. 

• Customer information exposed includes name, address, e-mail address, phone number, and inquiry material. 

• There are 6 records related to a May 2013 incident.

Shortly after Codecov’s initial disclosure in mid-April, Mercari became aware of the consequences of the Codecov breach.

Mercari was also notified by GitHub on April 23rd of suspicious behavior linked to the incident seen on Mercari’s repositories. As Mercari found that a malicious third party had obtained and manipulated their authentication credentials, the company deactivated the compromised credentials and secrets immediately, while continuing to investigate the full scope of the breach.
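A defensive pattern against the kind of uploader tampering described above, as an added example that is not from the original post, Codecov or Mercari: pin the SHA-256 of a downloaded CI helper script and run it with an allowlisted environment so job secrets are never visible to it. The function names, the allowlist and the stand-in uploader are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: run a downloaded CI helper only if it matches a pinned
# SHA-256, and withhold the job's secrets from it.

# Assumption: the only variables the helper needs. Everything else in the
# job environment (tokens, keys, credentials) is withheld.
ALLOWED_VARS="PATH HOME CI COMMIT_SHA"

# Print the SHA-256 of a file as lowercase hex (GNU coreutils or BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# run_pinned_script SCRIPT EXPECTED_SHA256 [ARGS...]
# Exit status: 2 for a malformed pin, 1 for a hash mismatch, otherwise the
# script's own status. The body is a subshell, so nothing leaks to the caller.
# Keep SCRIPT in a directory only the job can write, so it cannot change
# between the check and the run.
run_pinned_script() (
    script=$1
    expected=$2
    shift 2

    # Reject empty or non-hex pins so a failed hash never "matches" a blank.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed pin" >&2; exit 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pin" >&2; exit 2; }

    actual=$(sha256_of "$script")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $script: sha256 does not match pinned value" >&2
        exit 1
    fi

    # Build the command line: env -i NAME=value ... /bin/sh SCRIPT ARGS
    set -- /bin/sh "$script" "$@"
    for name in $ALLOWED_VARS; do
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;  # not a valid identifier
        esac
        eval "is_set=\${$name+x}"
        if [ -n "$is_set" ]; then
            eval "value=\$$name"
            set -- "$name=$value" "$@"
        fi
    done
    env -i "$@"
)

# Constructed demo: a stand-in "uploader" that only dumps its environment.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'env' > "$dir/uploader.sh"
    pin=$(sha256_of "$dir/uploader.sh")
    (
        export DEPLOY_TOKEN=constructed-secret   # constructed, not a real token
        export CI=true
        run_pinned_script "$dir/uploader.sh" "$pin"
    )
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run with the argument `demo` to see that the stand-in uploader's environment dump contains `CI=true` but not `DEPLOY_TOKEN`.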

"At the same time as this announcement, we will promptly provide individual information to those who are subject to the information leaked due to this matter, and we have also set up a dedicated contact point for inquiries regarding this matter," Mercari stated in its original press release.

"In the future, we will continue to implement further security enhancement measures and investigate this matter while utilizing the knowledge of external security experts, and will promptly report any new information that should be announced. We sincerely apologize for any inconvenience and concern caused by this matter," the company further added.

Tokyo Gas Discloses Data Breach Impacting Anime-style Dating Simulation Game

 

Tokyo Gas, the Japanese utility giant and the game’s developer, has reported a cyber attack; the company said that around 10,000 email addresses belonging to players of an online anime-style game were exposed during a data breach.

Following the incident, the company published a security alert on January 30, stating that it has disabled the website and mobile app of the game (popularly known as a dating simulation game) after it came to its notice that a third party had gained unauthorized access to the system and to the email credentials and associated player nicknames.

The translated name of the game is ‘Furo Koi: My Only Bath Butler’. The parent company of the application describes it as a ‘romance game'. It is based on the Japanese role-playing genre, wherein users build relationships with other users, mainly through conversations on the app.

The Japanese-language security alert issued in response to the attack indicates that the game also appears to involve assessing the comparative effectiveness of various bathing products, while a video posted on the game’s Twitter account shows various anime avatars.

Tokyo Gas was founded in 1885 and is Japan’s largest natural gas provider. According to the data, about 10,365 email credentials were exposed when the attack unfolded on January 29.

In a press gathering, a spokesperson from the company said that the breach was discovered the following day, on January 30. However, currently, the company is not sure whether the stolen data has been misused or is safe. 

In the security alert, the company referred to the addition of a new feature to the game on January 28, but at present, it is unclear what, if any, connection this has to the data breach.

It also indicated that all measures regarding the attack have been taken. Furthermore, law enforcement will be implementing security measures based on the findings of a security audit. 

The Tokyo Gas spokesperson said: “We recognize that the protection of customer information is extremely important. We sincerely apologize for any inconvenience caused to our customers”.

UK National Cyber Security Centre Reveals Russia’s Plan to Disrupt Tokyo Olympics

 

The UK National Cyber Security Centre recently revealed that, in an attempt to completely disrupt the 'world's premier sporting event', Russian military intelligence services were planning a cyber-attack on the Japan-hosted Olympics and Paralympics in Tokyo.

The Russian cyber-reconnaissance work covered the Games organizers, logistics services, and sponsors and was in progress before the Olympics was delayed due to Covid-19. 

The evidence is the first indication that Russia was prepared to go as far as disrupting the summer Games, from which all Russian competitors had been banned on account of persistent state-sponsored doping offenses.

The Kyodo news agency said a senior Japanese government official had stated that Tokyo would consider lodging a protest with Moscow if cyber-attacks were confirmed to have been carried out by Russia.

Japan's chief government spokesman, Katsunobu Kato, said the country would do everything possible to ensure that the postponed Games would be free from any cyber-attacks.

“We would not be able to overlook an ill-intentioned cyber-attack that could undermine the foundation of democracy,” Kato stated, adding that Japanese authorities were gathering information and would continue to share it with other countries.

The UK government said, with what it described as 95% certainty, that the disruption of both the winter and summer Olympics was carried out remotely by GRU Unit 74455.

In PyeongChang as well, according to the UK, the GRU's cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the 2018 winter Games, taking down the website to stop spectators from printing out tickets and crashing the WiFi in the arena.

The key targets also included broadcasters, a ski resort, Olympic officials, service providers, and sponsors of the games in 2018, which means the targets of the attacks were not only in Korea.

The foreign secretary, Dominic Raab, stated: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.” 

He later added that “the UK will continue to work with our allies to call out and counter future malicious cyber-attacks.”

The UK's allegations are believed to be part of an effort to disrupt Russia's cyber threat through maximum exposure and to prevent any interruption of the rescheduled summer Games next year.

India And Japan Agree on The Need for Robust and Resilient Digital and Cyber Systems

 

India and Japan have finalized a cybersecurity deal, as both agreed on the need for robust and 'resilient digital and cyber systems'.

Their ambitious agreement provides for cooperation in 5G technology, AI and a variety of other critical areas, as the two strategic partners pledged to broaden their ties, including in the Indo-Pacific area.

The foreign ministers of the two nations – S Jaishankar of India and Motegi Toshimitsu of Japan – were of the view that a free, open, and comprehensive Indo-Pacific region “must be premised on diversified and resilient supply chains."

The two ministers “welcomed the Supply Chain Resilience Initiative between India, Japan, Australia, and other like-minded countries." 

The initiative comes as nations look to diversify supply chains away from China after Beijing suddenly closed factories and units in the aftermath of the coronavirus pandemic, sending economic activity into a slump.

The move raised the question of the dependability of supply chains located in China, with nations hoping to widen their sources for critical procurement. In September, the trade ministers of India, Australia, and Japan agreed to launch an initiative on supply chain resilience.


Jaishankar, in a tweet, said further expansion of India-Japan cooperation in third nations centering around development projects likewise figured in the thirteenth India-Japan foreign minister's strategic dialogue.

The two “welcomed the finalization of the text of the cybersecurity agreement. The agreement promotes cooperation in capacity building, research, and development, security and resilience in the areas of Critical Information Infrastructure, 5G, Internet of Things (IoT), Artificial Intelligence (AI), among others," the statement said. 

In New Delhi, the agreement was cleared at a Cabinet meeting headed by PM Narendra Modi, as per Information and Broadcasting Minister Prakash Javadekar. 

The ministers agreed that the next annual bilateral summit between the leaders of India and Japan would be hosted by the Indian government “at a mutually convenient time for the two Prime Ministers."

Alert! TrickBot Trojan and Ryuk Ransomware spreads through Japan, as the holiday season approaches


TrickBot, the most dangerous and active banking trojan family according to IBM X-Force data, has been modifying its malware’s modules lately as the threat group launches campaigns in the wild. As the infection campaign spreads around the globe, Japan has become its new growing target ahead of the holiday season. Ahead of the holidays, TrickBot campaigns usually target European and western countries and other parts of the world, but this is the first time they have focused on Japan.


This also comes just in time for the holidays, when people will be shopping extensively. Japanese consumers should therefore be wary of these infections, as they target banks, online shopping payment cards, telecommerce, a bitcoin exchange, e-wallets, and others. TrickBot has been loaded with hundreds of targeted URLs belonging to banks and other retailers. The Emotet botnet is also dropping TrickBot onto other devices.

The most common attack involves web injections on bank websites, leading to banking fraud. On-the-fly injections used by TrickBot lure the victim into revealing personally identifiable information (PII), payment card details and PIN codes. This is not the first time Eastern European gangs have attacked the country; other trojans like URLZone and Gozi (Ursnif) have been prevalent in Japan for years now.

For Japanese Businessmen - Beware! Not only TrickBot but Ryuk Ransomware is also spreading through the region

TrickBot, already a worrisome banking plague, is not limited to that.

Japanese companies should also be wary of the growing ransomware attacks, because TrickBot can usher in Ryuk ransomware attacks along with it. It's a kill chain that starts with Emotet and TrickBot and leads to a Ryuk attack, ransomware that locks the system and demands millions of dollars. If a Ryuk or TrickBot attack is suspected, you should immediately launch response plans and contain the infection, or contact security companies without wasting precious time, as these infections spread fast and wide.

Japan Ups Its Cyber-Warfare Game; Becomes a Member of NATO.


Wary of possible cyber threats from China, Japan on December 2 became a new contributor to NATO’s cyber-security war strategies by becoming a member.

Up till 2018, only an observer, Japan moved up its status in the field of “cyber-warfare”.

The Defense Ministry of Japan reportedly mentioned that it has very little experience when it comes to international exercises. There are several things and issues they need to work on, the language barrier being on the list.

The cyber defenses Japan has had to offer so far have always been a matter of criticism, especially compared with those of the western nations, which made them wonder about any possible cyber-suffrage that could be caused.

China’s infamous cyber-history includes several hacker organizations that are clearly blossoming. From attacks on the government to corporate servers, they’ve done it all.

Reportedly, China is feared to have massive cyber-attack capabilities to match those of Russia, and that’s what’s causing the U.S. and the European countries to lose sleep.

Concerned about data breaches, Washington has urged other nations to shun Chinese-made telecommunication gear for their “fifth-generation wireless infrastructure”.

NATO’s Cyber Coalition has its command center in Estonia and is one of the world’s largest exercises of its type. It’s in full swing, with participants like Ukraine, the European Union, and the U.S. totaling over 30.

As part of the cyber-security exercise, the “Cyber Coalition” drills model situations that vary from “state compromised computer systems” to the role of cyber-attacks in cross-border battles and even defense against virtual enemies.

A Defensive Malware On The Cyber To-Do List of Japanese Government




Japanese government likes to stay ahead of disasters, be it natural or for that matter, cyber-crime related.

In the same spirit Japan’s Defense Ministry has decided to create and maintain cyber-weapons in the form of “Malware”.

The malware is all set to contain viruses and backdoors and would be the first ever cyber-weapon of Japan’s.

According to sources, it will be fabricated not by government employees but professional contractors tentatively by the end of this fiscal year.

The capabilities, the purpose and the manner of use haven’t been made public yet.



Reports have it that the malware is just a precautionary measure against attackers in case Japanese institutions are ever under attack.

As it turns out the malware is one of the endeavors of the Japanese government towards modernizing and countering China’s growing military threat.

The country also plans on widely expanding its reach into cyber battlefield (which is now an actual battle field) tactics.

Many major countries ambiguously have been using cyber weapons and now Japan’s next on the list.

The country’s government believes, being cyber ready and holding a major cyber-weapon in hand would keep countries that wish to attack at bay.

But as it turns out, this tactic hasn’t fared well with other countries as much as they’d like to believe.

This happens to be the second attempt at creating a cyber-weapon stash after 2012 which didn’t bear results like it should’ve.

Earlier this year the Japanese government passed legislation allowing the National Institute of Information Communications Technology to hack into citizens’ IoT devices using default or weak credentials during a survey of insecure IoT devices.

All this was planned to secure IoT devices before the Tokyo 2020 Olympics, to avoid Olympic Destroyer and attacks like VPNFilter.

So it turns out, that these efforts at strengthening the cyber game of Japan’s originate from the chief of Japan’s Cyber-security department who happens to not even OWN or USE a computer.

Looking For a Free VPN Service That’s Not Too Messy? Here’s All You Need To Know About TunSafe VPN Service

Not sure how to browse the internet safely away from the claws of hackers and cyber-cons? Not sure how to maintain cyber privacy?

TunSafe VPN is a solution to many such problems. It’s a free VPN service which helps people connect to websites and social networks without revealing the channel.

It has been essentially developed and includes fresh features and better provisions.

The high-performing VPN follows the WireGuard protocol, which enables it to set up secure VPN channels swiftly between different platforms.

By way of the latest cryptography (Curve25519, ChaCha20, Poly1305, BLAKE2 and HKDF), TunSafe ensures that no third party intrudes on the user’s privacy.

All you need is a simple configuration file, which is provided by the VPN provider.

For Downloading:


1. Go to https://tunsafe.com/
2. Click download.
3. Select the “Download TunSafe 1.4 installer”

For Installation:


1. Open the downloaded file
2. Complete the installation by pressing OK all the way.
3. Finally close it.
4. This is what will appear after that.

5. Click on connect.

6. The above is what will appear after that. This is the main window of TunSafe.

7. Drag the configuration file from the VPN provider onto TunSafe’s window.

8. Confirm when the dialogue box pops up.


9. If everything works out well, a message will show that the VPN has been connected and the connection established.

Various Platforms TunSafe Is Available For:
Desktop: Windows, Linux, OSX, FreeBSD
Mobile: Android and iOS

Unlike most VPN services, TunSafe is free of cost, and that’s what makes it better, more efficient and different from all the others.

For more details check www.tunsafe.com