Cyber Incident Victim: NEC Corporation
Date:
Dec 2016
Location:
Japan
Summary
A Japanese electronics and defense contractor experienced unauthorized network access potentially compromising defense-related information, including submarine sensor data and contract details. Approximately 28,000 files were identified on breached servers, with the company acknowledging no confirmed data leaks but admitting the impossibility of ruling out information exposure. Subsequent investigations revealed 27,445 illegally accessed files, though these reportedly contained neither confidential nor personal data. The nation's defense ministry asserted the incident involved contract information rather than classified material, with no operational impact on national security. The intrusion was potentially linked to a Chinese cyber-espionage group known for targeting Japanese entities through zero-day exploits and spearphishing to acquire corporate secrets, coinciding with another major domestic corporation's breach during the same period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In July 2018, NEC Corporation detected unauthorized access to its internal network, specifically impacting servers associated with its defense business division. The breach was discovered during routine security monitoring, which revealed approximately 28,000 compromised files containing defense equipment information, including submarine sensor data and contract details with Japan's Ministry of Defense. While NEC acknowledged these unauthorized accesses, the company initially stated there was no conclusive evidence confirming data exfiltration or damage. This incident affected NEC's role as a primary contractor for Japan Self-Defense Forces equipment, including 3D radar systems and broadband multipurpose radio projects. NEC's Public Relations Office informed media outlets including NHK, Asahi Shimbun, and Kyodo News that an information leak remained possible despite no confirmed damage, stating: "We have not confirmed any damage such as information leaks so far. However, it cannot be said that it has not leaked." The company maintained that it regularly identified unauthorized access attempts across its networks but emphasized no critical systems were disrupted.
The Japanese Ministry of Defense subsequently clarified that exposed files pertained only to contractual agreements with NEC rather than classified defense secrets, asserting no impact on national security operations. This disclosure occurred alongside a separate January 2020 breach at Mitsubishi Electric, where compromised Chinese affiliates led to corporate data leaks approximately 10 days prior to NEC's public acknowledgment. Cybersecurity analysts noted potential involvement of Tick, a cyber-espionage group historically targeting Japanese defense and industrial entities through zero-day exploits and spearphishing campaigns aimed at intellectual property theft. In a January 30, 2020 press release, NEC formally confirmed the 2018 incident, specifying that 27,445 files had been illegally accessed but contained neither confidential data nor personal information. The company reported direct notifications to affected customers regarding the compromised files since July 2018, though no technical details about intrusion methods or attacker attribution were disclosed publicly.