Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Japanese Government. Show all posts

Olympic Ticket Data Leaked, Says Japanese Government

 

Following a breach, user IDs and passwords for the Tokyo Olympic ticket gateway were released on a leak website, a government official told Kyodo News on Wednesday. The leak was "not huge," according to the source, but the IDs and passwords might provide someone access to a person's name, address, bank account information, and other personal information. 

The government source, who spoke on the condition of anonymity, said the organizing body for the Games has initiated an investigation. The hack reportedly includes the names, addresses, and bank account information of individuals who purchased Paralympic tickets, as well as a volunteer portal. They did not specify how many accounts were compromised. The leak was revealed as Japanese musician Keigo Oyamada resigned this week from the team producing Friday's Olympic opening ceremony after admitting to previously bullying and abusing children with disabilities, and as organizers struggle to turn public opinion in their favor in the wake of the coronavirus pandemic. 

Some people on the internet denied the accusations of a breach. "There are no postings on any of the forums demonstrating direct information leaks," Twitter user pancak3 said after finding accounts for those registration sites on Dark Web markets. He went on to say that the data was not stolen as a consequence of a breach, but rather as a result of attacks using the RedLine virus and other data thieves. 

The announcement came just one day after the FBI issued a private industry alert warning organizations working with the Tokyo 2020 Summer Olympics to prepare for a wave of "DDoS attacks, ransomware, social engineering, phishing campaigns, or insider threats to block or disrupt live broadcasts of the event, steal and possibly hack and leak or hold hostage sensitive data, or impact public or private digital infrastructure supporting the Olympics."

"Malicious activity could disrupt multiple functions, including media broadcasting environments, hospitality, transit, ticketing, or security," the FBI notice said on Tuesday. "The FBI to date is not aware of any specific cyber threat against these Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments." 

The notice goes on to mention the Pyeongchang cyberattack, which occurred during the 2018 Winter Olympics in Pyeongchang, South Korea, during which Russian hackers used the OlympicDestroyer malware to disrupt web servers during the opening ceremony. According to the notice, the hackers "obfuscated the true source of the malware by emulating code used by a North Korean group, creating the potential for misattribution." Six Russian intelligence operatives were indicted by the Justice Department in October for the attack on the Pyeongchang Winter Olympics.

Fujitsu ProjectWEB Tool Used as a Doorway to Target Japanese Government Offices

 

Cybercriminals have breached the offices of multiple Japanese agencies by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to its systems. 

A number o confidential files belonging to multiple Japanese government entities were also stolen after attackers gained unauthorized access to projects that used ProjectWEB, Fujitsu stated.

Various agencies including the Ministry of Land, Infrastructure, Transport, and Tourism; the Ministry of Foreign Affairs; the Cabinet Secretariat; and the Narita Airport acknowledged that hackers were able to gain inside information via Fujitsu's information-sharing tool. 

ProjectWEB is a software-as-a-service (SaaS) platform for enterprise collaboration and file platform that Fujitsu has operated since the mid-2000s, and which a number of agencies within the Japanese government currently use. Fujitsu's ProjectWEB enables companies and organizations to exchange information internally, with project managers and stakeholders, for example.

Japanese press reported Narita International Airport, located near Tokyo, was impacted as well since Fujitsu attackers managed to steal air traffic control data, flight schedules, and information on business operations. Japanese press reported that the attackers stole documents that contained more than 76,000 email addresses for employees and contractors for the Ministry of Land, Infrastructure, Transport, and Tourism. However, the local authorities did not confirm the reports in a press conference on Wednesday. 

As a precautionary measure, Cabinet Secretariat's national cybersecurity center (NISC) issued multiple advisories alerting government agencies and critical infrastructure organizations using Fujitsu's tool to check for signs of unauthorized access and information leakage.
 
Fujitsu suspends ProjectWEB online portal 

Fujitsu decided to shut down the ProjectWEB platform on Tuesday to investigate the ‘scope and cause’ of the breach following the pressure from NISC and apologized “for the great concern and inconvenience” the breach caused its customers. 

“We will continue to work on investigating and analyzing the scope of impact and the causes of all projects that use [ProjectWEB] with the cooperation of our customers. We take this case very seriously and will continue to consult with the relevant authorities and make every effort to support the victims. that’s all Inquiries regarding this matter.” reads the data breach notice published by the Japanese firm. 

This is the second cyber incident the government of Japan has suffered in a month. In late April, a malicious campaign exploited two flaws, tracked as CVE-2020-5639 and CVE-2021-20655, in the popular file-sharing server FileZen to steal sensitive data from businesses and government organizations as part of a global hacking campaign that affected the Japan Prime Minister’s Cabinet Office.