In-depth Article on Cyberattacks Against Mitsubishi Electric Corp. and the Rise of Chinese-Affiliated Hacking Groups

Mitsubishi Electric Corp., a major player in a variety of industries, including defense, infrastructure, electronics, and railway systems, has been targeted by a series of sophisticated cyberattacks over the past decade. A recent investigation has linked at least four Chinese-affiliated hacking groups to breaches within the company, underscoring the persistent threats large corporations face from state-backed cyber espionage.

The Four Groups Linked to the Breach

The groups suspected of breaching Mitsubishi Electric’s security systems include Tick, Aurora Panda, Black Tech, and a group utilizing the Emdivi virus. Each group operates with distinct targets and methods, and their persistent attempts at accessing Mitsubishi Electric’s systems reflect the high value placed on the company’s diverse industry connections, especially its ties to government and defense organizations.

  • Tick: Known for focusing on defense equipment and critical infrastructure, Tick is believed to have breached Mitsubishi Electric through an affiliate in China, using tactics that involve leveraging supply chain vulnerabilities. According to cybersecurity reports, this group aims to steal sensitive information related to national security.
  • Aurora Panda: This group, which is believed to have launched attacks around 2013, primarily targets government ministries and IT companies. Their focus on government-related data and technology systems positions them as a key actor in the broader cyber espionage landscape.
  • Black Tech: Considered one of the most damaging groups involved in these breaches, Black Tech has been linked to the compromise of personal information for over 8,000 Mitsubishi Electric employees, applicants, and retirees. Additionally, the group is known to steal classified information from large manufacturers in Japan and Taiwan. Mitsubishi Electric first detected Black Tech's activities in 2017, when the group infiltrated the company through an affiliate in China. Since then, they’ve been linked to several high-profile breaches.
  • Emdivi Virus Group: Although less is known about this group, they are responsible for previous attacks involving the Emdivi virus, which was infamously used to breach Japan Pension Service records in 2015. The same group targeted Mitsubishi Electric around that time, with signs pointing to significant compromises, but their exact identity remains elusive.

The Role of Supply Chain Vulnerabilities

One of the most significant aspects of these cyberattacks is the method by which these hacking groups infiltrated Mitsubishi Electric’s network. Rather than directly attacking the company's primary defenses, many of these groups leveraged vulnerabilities in third-party affiliates, often in China. Compromising a supply chain partner in this way is a common tactic used by state-backed groups to breach larger targets indirectly.

Exploitation of Software Vulnerabilities

Mitsubishi Electric’s internal investigation revealed that many of these cyberattacks exploited vulnerabilities in anti-virus software provided by Trend Micro Inc., a major player in cybersecurity. A critical glitch in the software’s "virus-buster" module allowed hackers to hijack the company’s management server, which in turn granted unauthorized access to sensitive corporate data. This attack vector, which compromised both Mitsubishi Electric’s headquarters and key offices, highlights the importance of secure software management practices.

Trend Micro reported that the glitch was patched in October of the same year and acknowledged the exploitation of the software bugs but declined to go into details about individual cases. This underscores the delicate balance between transparency and protecting vulnerable organizations from reputational damage in the cybersecurity industry.

The Significance of Targeting Mitsubishi Electric

Mitsubishi Electric’s wide-ranging involvement in industries critical to national security and infrastructure made it a prime target for espionage. Its technology and expertise have dual-use applications, both military and civilian, making the data it holds highly valuable for both economic and geopolitical purposes. Cybersecurity specialist Hiroki Iwai points out that companies with strong ties to government entities and critical infrastructure are natural targets for such attacks.

Moreover, the motivations behind these cyberattacks may be influenced by government policies from the hackers' home countries. Cyber espionage has long been tied to state-sponsored efforts to gain a competitive edge in international affairs, as well as to further strategic objectives such as intellectual property theft and the collection of sensitive data on military technologies.

Lessons Learned and Future Countermeasures

One of the critical takeaways from these attacks is the necessity for businesses like Mitsubishi Electric to understand the specific characteristics and methodologies of each espionage group they may face. Cybersecurity professionals emphasize the need for tailored defense strategies that address the unique threats posed by each group, whether through reinforcing internal defenses or securing the supply chain.

The Ministry of Economy, Trade, and Industry confirmed that Mitsubishi Electric reported a potential data breach on January 10th. However, the ministry asserted that no classified information related to defense, power industries, or railway systems was leaked in the attack.

Cybersecurity is a continually evolving challenge, especially for companies as large and diverse as Mitsubishi Electric. In light of these ongoing threats, experts like Hiroki Iwai suggest that corporations connected to government organizations and sensitive industries will continue to face cyberattacks in the future, driven by shifting political dynamics and the evolving capabilities of cyber espionage groups.

Conclusion

The cyberattacks on Mitsubishi Electric reveal a broader trend in which large multinational corporations—particularly those involved in critical infrastructure and defense—are prime targets for state-sponsored espionage. As cyber threats continue to evolve, companies must adopt robust and adaptive cybersecurity strategies to protect their assets and data from well-resourced and highly capable adversaries. Furthermore, the breaches at Mitsubishi Electric underscore the need for heightened vigilance around supply chain security and the proper management of vulnerabilities within widely used software systems. As these threats persist, understanding the motivations, techniques, and goals of state-backed hacking groups will be vital for building effective defenses.
