The worrying cyberattack on Japanese defence contractors in August was probably the work of a single attacker looking to steal industrial secrets, local newspapers are reporting.
Japanese police have now traced the point of attack to a PC based in the Society of Japanese Aerospace Companies (SJAC), from which an email containing malware was sent on 26 August to the target companies, Mitsubishi Heavy, Kawasaki Heavy, claiming to be a legitimate communication from one of its employees.
Since both companies are members of the SJAC, the hope would have been that the ruse would catch the recipient off-guard. The attack was skilful enough to reproduce a genuine email from an employee sent to the same recipient only hours earlier.
Police still maintain that no significant data was lost during the attacks, although one of the two companies, Mitsubishi Heavy, admitted some weeks ago that 83 of its PCs and servers had been infected by the malware.
The perpetrator and his or her motivation has not yet been uncovered but the site of the attack inside the SJAC at least raises a small possibility that the motivation could have been local rather than foreign.
The attacker appears to have tried to obscure the origin of the attacks by reaching out via a proxy server based in the US. It is not clear form Japanese reports whether police believe that the attacker might also have been using the SJAC machine as a convenient relay and could have been based outside the country.
The sector chosen, defence and aerospace, and the relatively sophisticated and targeted nature of the incursion, has raised fears that Japan could now be under attack from external forces.
Sign up for CIO Asia eNewsletters.