Cyber Incident Victim: Pasco Corporation
Date: May 2018
Location: Japan
Summary
Pasco Corporation, a Japanese geospatial and defense contractor, experienced unauthorized network access and malware infections. The breach was part of a broader campaign targeting multiple defense contractors, with investigations revealing no confirmed data leakage. Suspected state-backed threat actors, potentially linked to the Chinese-affiliated group Tick (Bronze Butler), employed tactics like spearphishing and zero-day exploits to infiltrate systems, often deleting logs to obscure their activities. While defense-related information was a possible target, no classified secrets were compromised. The incident highlighted systemic cybersecurity vulnerabilities among defense suppliers, prompting coordinated disclosures by Japanese authorities to raise awareness and improve defenses.
Description
Pasco Corporation, a Japanese geospatial provider and defense contractor, experienced a cybersecurity breach in May 2018 involving unauthorized access to its internal network and subsequent malware infections. The company confirmed the incident in an official statement released on February 6, 2020, following coordination with Japan's Ministry of Defense. Investigations conducted after the breach found no evidence of information leakage or data exfiltration. Pasco's systems contained satellite data and defense-related information, though the company clarified no classified defense secrets were compromised. The breach was disclosed alongside similar incidents affecting three other Japanese defense contractors—Kobe Steel, Mitsubishi Electric, and NEC—that occurred between 2015 and 2019. Japanese Defense Minister Taro Kono stated these attacks showed no confirmed connections to each other but warranted coordinated public disclosure to raise awareness about cybersecurity threats facing defense infrastructure.

The breach formed part of a broader pattern targeting Japan's defense industrial base. Attackers gained persistent access to Pasco's network, though specific intrusion methods weren't detailed in available disclosures. Malware was deployed within the environment, consistent with advanced threat actor tradecraft observed in related incidents. While Pasco maintained no data loss occurred, the nearly two-year delay between breach discovery and public disclosure aligned with the Ministry of Defense's strategic timing for announcements. Other compromised contractors like Mitsubishi Electric reported evidence of data theft and attacker efforts to delete activity logs, complicating forensic investigations. Industry reports suggested possible involvement of Chinese state-aligned threat groups like Tick (Bronze Butler), known for targeting Japanese entities through spearphishing and zero-day exploits, though no attribution was officially confirmed for Pasco's incident. The company's response focused on internal investigations rather than public technical disclosures about containment measures or system remediation.
