New type of cyber-attack targets Japan govt bodies, firms

JAPAN - At least 20 organisations, including central government bodies such as the Agriculture, Forestry and Fisheries Ministry, along with major companies, came under a new type of targeted cyber-attack in August and September, where some computers were found to have been infected with a virus that steals confidential information, it has been learned.

Attackers implanted the virus on certain websites. When people using targeted computers browsed these sites, the computers were infected with the virus. The virus did not attack non-targeted computers.

The National Information Security Center has been increasingly alert about the latest cyber-attacks, saying, "This is a new technique targeting Japan's confidential information."

According to investigations by NISC and The Yomiuri Shimbun, organisations that came under these cyber-attacks also include the Foreign Ministry and the Economy, Trade and Industry Ministry as well as independent administrative institutions, such as the National Hospital Organisation, TV stations and defence-related companies.

Computers at the agriculture ministry were found to have been infected with the virus without the fact being publicly disclosed.

"We won't publicly announce whether our computers have been infected with the virus because we don't want to make attackers aware that our system is vulnerable to such attacks," an agriculture ministry official said.

Other organisations are also investigating the cyber-attacks.

According to LAC Co., an information security company that investigated the latest cyber-attacks, the attackers altered websites that are frequently browsed by employees of government administrative organisations who are members of the websites. The attackers then implanted the virus on those websites, letting it await the chance to infect targeted computers so they could steal confidential information by taking control of the computers remotely.

The virus is designed to infect only computers of certain IP address when users browse the altered websites on those computers.

Because ordinary people using computers that are not targeted by the attackers would not get infected with the virus, it is difficult for the cyber-attacks to be discovered.

Previously, similar targeted cyber-attacks aimed at stealing information from certain organisations caused their computers to be infected with viruses, mostly through e-mails or USB devices.

According to LAC, it was the first time that targeted cyber-attacks using altered websites have been confirmed.

The latest cyber-attacks took advantage of a newly found defect of Microsoft Corp.'s Internet Explorer browser. Microsoft announced the browser's vulnerability to cyber-attacks due to this defect on Sept. 18 and started to distribute a patch programme to fix the defect on Wednesday. The company is urging users to fix the problem quickly.