In March, hackers stole sensitive information from Fujitsu customers. The company says it was not a ransomware attack.
The hackers were able to steal data without being noticed by detection tools due to a “sophisticated mechanism.” In March, Fujitsu discovered the presence of hackers after it found malware on several of its systems.
The subsequent investigation now reveals that data belonging to corporate customers was stolen. The stolen information included personal data and “information related to customers’ business.”
Spread to 49 PCs
The investigation additionally reveals how the hackers moved within the systems. “After malware was placed on one of our corporate computers, it was observed that it spread to other corporate computers,” the company reports . The hackers were able to penetrate a total of 49 PCs in this way.
Fujitsu took the 49 infected PCs offline in March. The isolation occurred after the discovery of the malware.
Fujitsu leaked itself
Incidentally, another data breach at Fujitsu was reported in March. There, the company leaked sensitive customer information by storing it in a publicly accessible Microsoft Azure storage bucket. A Dutch researcher tracked down this leak and discovered that, among other things, AWS keys and passwords could simply be found online.
This leak was closed before the blunder was made public. However, it cannot be said with certainty that the attackers did not penetrate the corporate computer with passwords gained through this leak.
Also read: Dutch researcher discovers Fujitsu blunder: AWS keys and logins in public bucket