The Japanese Finance Ministry has just uncovered a Trojan that has infected more than a hundred of its computers over the past two years.
Trojans and viruses have been known to remain undiscovered for long periods of time, and it seems that the Japanese government is the latest victim of just such an attack. Reports indicate that the Japanese government has uncovered an attack that may have been running undiscovered on its internal networks and leaking confidential data for more than two years.
The local Kyodo news service was told by the Japanese Finance Ministry that the first infection came in January 2010; the most recent attack took place in November 2011, with the attacks apparently stopping after that. However, the infections were only discovered last week during an ongoing security audit of the IT systems of the Finance Ministry begun by an independent security firm in May. So far, 2,000 machines have been checked and 123, a high, concerning, disturbing number, were found to be infected by the Trojan.
The Japanese government has been trying to downplay the severity of the attacks, claiming that confidential information like taxpayers’ details had not been leaked and that the infected computers belonged mainly to junior staff, though the Trojan may have accessed documents relating to ministry meetings.
The report references the hacktivist group Anonymous, which launched Denial of Service attacks and website defacements of several government and political sites, including those of the Finance Ministry; the attacks took place last month, but this recent Trojan attack appears at first glance not to fit the standard operating procedure of Anonymous. The Trojan apparently went undetected by the anti-virus software installed on the government PCs for a long period of time, a hallmark of a sophisticated, advanced, persistent threat-style attack, traits uncommon in previous Anonymous attacks.
The Finance Ministry has yet to identify exactly how the PCs became infected in the first place, but they have replaced the hard drives on all the affected computers.
Last October, a Trojan attack on computers belonging to several members of the Japanese Parliament was uncovered. Using the tried-and-true method of being sent as a malicious attachment, the malware caused the hijacked machines to send data back to a server located in China.