After months of postmortem investigation, Fujitsu now says the malware that affected its systems in a cyberattack last March was not ransomware as previously speculated — and noted that the binary self-propagated, worming its way through the company’s internal networks in Japan.
In its rundown of the investigative findings this week, the consumer electronics and networking giant confirmed that the malware first established a beachhead on one of Fujitsu’s business PCs, attacking from an external server (it didn’t mention what the initial access method was). The malware was “particularly difficult to detect,” according to Fujitsu, using sophisticated techniques to cloak itself as it replicated onto 49 other PCs within the network.
Only its Japanese footprint was affected.
“The affected computers were not managed through the cloud services provided by Fujitsu,” the company noted in the advisory. “Additionally, no trace of access to the services provided by Fujitsu to customers was found. The investigation concluded that the damage did not spread outside of the company’s business computers, including to customers’ network environments.”
Nonetheless, the attack resulted in data exfiltration, including files containing “personal or business-related information about certain customers.”
The company said it has since beefed up its security measures, including implementing security monitoring rules for the unnamed malware to all business PCs, and enhancing virus detection software functions and updates.
https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt171e224e6bd430f1/668ef516c06f6267c7e125b0/tokyo_japan-Patrick_Batchelder-Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop
