Cyber Incident Victim: Nippon Telegraph & Telephone

Date:

May 2020

Location:

Japan

Summary

A Fortune 500 company suffered a security breach in which attackers infiltrated its internal network through a Singapore-based entry point, then moved through multiple servers in Japan to reach an Active Directory system and exfiltrate data belonging to 621 customers of its telecommunications subsidiary. The intrusion was detected four days after the initial compromise, prompting immediate system takedowns and an ongoing investigation; the company plans to notify affected parties pending further analysis. The incident fits a pattern of recent breaches of Japanese corporations that are suspected of targeting defense-related information. The organization is also upgrading its IT infrastructure.

Description

On May 7, 2020, attackers breached the internal network of Nippon Telegraph & Telephone (NTT), a Fortune 500 company ranked 64th globally. The intrusion originated from an NTT facility in Singapore, which served as the initial entry point. Hackers leveraged this access to infiltrate a cloud server in Japan (designated as Server B), then pivoted to Server A within NTT Communications’ internal network. This lateral movement culminated in unauthorized access to an internal Active Directory (AD) server, enabling data theft. The attackers exfiltrated information pertaining to 621 customers of NTT Communications, the company’s telecommunications subsidiary and one of Japan’s largest providers, uploading stolen data to a remote server. NTT detected the breach four days post-compromise on May 11, though the specific detection method remains undisclosed. The company confirmed the breach impacted multiple layers of its IT infrastructure, with the AD compromise representing the deepest penetration.

NTT initiated containment measures immediately upon discovery, taking affected systems offline to disrupt further unauthorized activity. The company launched an ongoing investigation to determine the full scope and methodology of the attack, pledging to notify customers once the review clarifies necessary disclosures. Concurrently, NTT announced plans to upgrade its IT infrastructure, though technical specifics were not provided. The incident exposed sensitive customer data, but NTT did not disclose the exact nature of the compromised information. This breach followed a pattern of attacks targeting major Japanese corporations, including Mitsubishi Electric and NEC in January 2020, and Pasco and Kobe Steel in February 2020, with suspected motives centering on defense-related intelligence theft. As a global leader in managed IT services, cloud solutions, and enterprise network management, NTT’s breach underscored systemic vulnerabilities within critical infrastructure providers. The company did not attribute the attack to any specific threat actor or nation-state.