Fujitsu has provided additional details on a cyberattack it initially disclosed in March, clarifying the incident was not a ransomware attack.
Ransomware attacks may be the most popular, and lucrative, form of cyberattack that many organizations deal with, but the Fujitsu incident was something entirely different. According to the company’s latest advisory, malware infiltrated one of the company’s business PCs before spreading onto other machines.
The investigation confirmed that the malware was initially stored on one of Fujitsu’s business PCs and then spread to other business PCs. This malware was particularly difficult to detect as it used sophisticated techniques to evade detection, unlike ransomware.
The company says 49 machines were infected in total, although there is no evidence customer services were impacted.
Following a comprehensive investigation, it was confirmed that the number of infected business PCs and the number of other devices where the copy instruction command was executed, and information was transferred, was no other than the 49 PCs initially detected. These devices were all used within Fujitsu’s internal network in Japan, and the investigation has not detected any impact on business PCs connected to network environments outside of Japan.
The affected computers were not managed through the cloud services provided by Fujitsu. Additionally, no trace of access to the services provided by Fujitsu to customers was found. The investigation concluded that the damage did not spread outside of the company’s business computers, including to customers’ network environments.
The malware did manage to exfiltrate some data.
The investigation into various logs (communication logs and operation logs) held by Fujitsu confirmed that some files could have been fraudulently taken out due to the malware’s behavior, and commands for replication instructions were executed. These files contained personal or business-related information about certain customers, who have been informed separately and necessary actions taken. At present, Fujitsu has not received any reports of misuse of personal or information related to customer’s business.
The attack is interesting in that it is reminiscent of traditional computer worms, which are designed to attack systems and continue to replicate onto new systems. Unlike ransomware, which announces its presence, a worm is designed to disguise itself and evade detection while it accomplishes its goals, in this case data exfiltration.