Mitsubishi Power reports unauthorized access damage through the monitoring service of Hitachi Systems operations

On December 11, 2020, Mitsubishi Power, a subsidiary of Mitsubishi Heavy Industries, which produces gas turbines for thermal power generation, disclosed that it had been affected by unauthorized access through its controlled service provider (MSP). No leaks of classified information, extremely confidential technical information, substantial business partner-related information or personal data have been verified.

Mitsubishi Power discovered the damage caused by unauthorized access on October 2, 2020. In cooperation with Mitsubishi Heavy Industries, as we continued with the investigation over the next three days, it was discovered that illegal contact was being made to the outside from several servers and personal computers.

When the computer was cut off from the network and the contact log was reviewed, it was discovered to have been unlawfully intruded via the MSP operator, and an inquiry was ordered from the MSP operator on October 8, 2020. Mitsubishi Power said, “I can’t reveal the name of the MSP operator” (public relations). Apart from the corporation, there was no improper access to the Mitsubishi Heavy Industries Group networks.

Regarding unauthorized access via MSP, on December 4, 2020, Hitachi Systems reported that it was possible to improperly access a client company via the system process monitoring service provided by Hitachi Systems. The service is an IT control service, according to an interview with Nikkei Cross Tech, which connects the data center of the organization and the customer’s device with an IP-VPN line and tracks equipment anomalies.

Hitachi Systems replied that it had found unauthorized access through IT management services on October 8th. I can’t answer”I can’t answer” (public relations). Through Hitachi Systems services, Mitsubishi Power could have been affected.