Fujitsu pins Japanese govt data breach on stolen ProjectWEB accounts


Level 16
Thread author
Top poster
May 4, 2019
Fujitsu says the attackers behind the May data breach used a vulnerability in the company's ProjectWEB information-sharing tool to steal accounts from legitimate users and access proprietary data belonging to multiple Japanese government agencies.

The National Cyber Security Center (NISC) of Japan and the country's Ministry of Land, Infrastructure, Transport, and Tourism revealed at the time that the actors gained access to at least 76,000 email accounts during the ProjectWEB breach.

Following the incident, the Cabinet Secretariat's national cybersecurity center (NISC) waned [1, 2] government agencies and critical infrastructure organizations using Fujitsu's ProjectWEB tool to check for signs of unauthorized access or information leakage.