Cyber Incident Victim: Kobe Steel, Ltd.
Date: Jun 2015
Location: Japan
Summary
Kobe Steel experienced unauthorized network access and malware infections compromising approximately 250 files containing Ministry of Defense-related data and personal information, though no defense secrets were confirmed leaked. The incident, part of a broader campaign targeting four Japanese defense contractors including Pasco, Mitsubishi Electric, and NEC, involved suspected Chinese state-linked threat actors (tracked as Tick or Bronze Butler) employing spearphishing and zero-day exploits to steal intellectual property. Investigations revealed potential exfiltration of corporate and defense-adjacent information, with evidence deletion complicating attribution. The Japanese Defense Ministry coordinated disclosures, acknowledging systemic cybersecurity risks but finding no direct links between the breaches across affected firms.
Description
Kobe Steel, a major Japanese steel manufacturer and supplier of submarine parts for the Japan Self-Defense Forces, experienced two separate security breaches in June 2015 and August 2016. Unauthorized actors gained access to the company's internal network during both incidents, leading to malware infections on its computing systems. While Kobe Steel's official disclosure in February 2020 stated no confirmed information leakage had been discovered, Nikkei reported that approximately 250 files containing Ministry of Defense-related data and personal information were compromised through server intrusions. The compromised data did not include classified defense secrets according to available reports. This breach was part of a broader pattern targeting Japanese defense contractors between 2016 and 2019, with Pasco Corporation, Mitsubishi Electric, and NEC also experiencing network intrusions during this period.

Pasco Corporation disclosed in February 2020 that it suffered unauthorized network access in May 2018, though its investigation found no evidence of data exfiltration. The Japanese Ministry of Defense coordinated the simultaneous disclosure of breaches affecting all four defense contractors to increase public awareness about cybersecurity threats. Mitsubishi Electric reported a June 2019 breach involving approximately 200 MB of leaked corporate and personal data, while NEC confirmed unauthorized access in December 2016 to defense business unit servers, with no confirmed data leakage. Investigations into these incidents faced challenges, including deleted activity logs that delayed Mitsubishi Electric's disclosure by eight months. Security researchers identified connections to the Chinese state-aligned Tick hacking group (also known as Bronze Butler) in at least two cases, noting their use of spearphishing, zero-day exploits including a Trend Micro OfficeScan vulnerability, and evidence-erasure techniques to obscure forensic trails. The attackers primarily targeted defense-related intellectual property and corporate information across Japan's manufacturing and critical infrastructure sectors.
