The Japanese government has uncovered an advanced Trojan attack which may have lain undiscovered on its networks leaking confidential data for over two years.
The Finance Ministry told the local Kyodo news service that the first infection came in January 2010, with the most recent taking place in November 2011, after which the attacks apparently stopped.
However, the infections were only discovered last week as part of an on-going security audit of the ministry’s IT systems begun by a contracted firm in May.
So far, 2,000 machines have been checked and a disconcertingly high number – 123 – were found to be infected by Trojan, the report said.
The government is trying to play down the incident by claiming that confidential information such as taxpayers’ details has not been leaked, and that the infected computers belonged mainly to junior staff, although the malware may have accessed documents related to ministry meetings.
The report references hacktivists Anonymous, which last month launched denial of service attacks and web defacements of several government and political sites including the Finance Ministry, although this Trojan attack appears at first sight not quite to fit the MO of the group.
The Trojan was apparently undetected by the anti-virus software installed on the government PCs and lay undetected for a long period of time – hallmarks of a more sophisticated advanced persistent threat-style attack.
The ministry has yet to identify exactly how the PCs became infected and has replaced the hard disks on all affected computers, the report said.
Last October, a Trojan attack on the machines of several Japanese lawmakers was uncovered.
The data-stealing malware arrived as a dodgy attachment and caused hijacked machines to communicate with a server located in China. ®