China has been implicated in a cyber attack designed to hack the emails of Japanese parliament members, as news emerged that details on nuclear plants and war planes may have been stolen from a separate attack on Mitsubishi Heavy Industries.
Japanese newspaper The Asahi Shimbun reported on Tuesday that a server located in China was used for the attack on the Japanese Lower House. This led to an extraordinary meeting of a key subcommittee after it emerged that hackers had access to emails and documents belonging to the chamber's 480 legislators for at least one month.
A Lower House server and PCs were infected with the data-stealing Trojan after a member of the chamber opened a malicious email attachment in late July. However, the lawmaker in question failed to report the malware infection for around a month.
Lower House members have now been asked to change their passwords, although this happens as a rule every three months anyway, the report added.
The news comes as a separate Asahi Shimbun story on Monday reported that an attack on Mitsubishi Heavy Industries in July may have led to hackers stealing sensitive information on key defence equipment including nuclear plants and jet fighters.
The incident, uncovered by Trend Micro in September, was part of a large scale, co-ordinated and covert campaign of targeted attacks carried out in July against defence companies in Israel, India and the US.
The attacks typically started as a targeted email containing a malicious PDF attachment designed to exploit a vulnerability in Adobe Flash and Reader. Once infected, the user's machine called home to a command and control server, which downloaded a remote action Trojan to give hackers control over that machine.
Sources told the Asahi that an internal investigation revealed that sensitive information had been sent outside the company's network, despite Mitsubishi claiming to have taken the appropriate measures to protect the data.
Christophe Bianco, European general manager at vulnerability management firm Qualys, warned that the revelations raise serious security questions that should concern all organisations.
"If this information has indeed been lost it shows that, even for companies acting in sensitive markets where the level of security is normally at the top level, it is difficult for them to protect themselves," he said.
"This gives perspective on the challenge currently faced by other private sector organisations that interact with the general public."
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps
OnePlus 3T canned to make way for imminent OnePlus 5 with Snapdragon 835, 8GB memory and dual camera
OnePlus 3T to be prematurely retired on 1 June - perhaps indicating plans for an imminent OnePlus 5 launch