Japan’s Finance Ministry Spied On by Trojan for Two Years
Japan’s Finance Ministry recently discovered a data-leaking Trojan on its computers that has been running for almost two years. During a security sweep of their network infrastructure, a third-party security firm found the Trojan and notified the institution.
Of the 2,000 computers checked, 123 were infected with the Trojan that appeared to be present since January 2010. The Finance Ministry said no taxpayer details were exposed and it’s likely that only documents regarding meetings were exposed.
“It is not that the personal information that we have was widely leaked,” one official told reporters.
The most recent infection detected took place in November 2011, but that doesn’t mean information was not accessed via previously installed Trojans. No other attacks were reported after November 2011, indicating that interest may have subsided after the two-year spree.
The antivirus solution on the infected machines seems to have been ineffective in detecting the Trojan, indicating a higher level of sophistication in the attack. Japan’s government only stated that infected computers belonged to junior staff, implying that access to vital information was severely restricted.
Infected hard disk drives were removed, severing all Trojan activities with attacker-controlled servers. Although the official report depicts Anonymous as the primary suspect, the modus operandi of the organization has always been DDoS attacks and not hidden Trojans.