{
	"id": "ac0c339c-60e7-4dc9-ae0d-bb7d6e9e20b5",
	"created_at": "2026-04-06T00:07:52.873313Z",
	"updated_at": "2026-04-10T13:12:33.899769Z",
	"deleted_at": null,
	"sha1_hash": "ae5e26839b874afa76f39537d91ca881ca1213b9",
	"title": "Mitsubishi Electric discloses security breach, China is main suspect",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39545,
	"plain_text": "Mitsubishi Electric discloses security breach, China is main suspect\r\nBy Written by Catalin Cimpanu, ContributorContributor Jan. 20, 2020 at 2:27 a.m. PT\r\nArchived: 2026-04-05 20:22:33 UTC\r\nIn a short statement published today on its website, Mitsubishi Electric, one of the world's largest electronics and\r\nelectrical equipment manufacturing firms, disclosed a major security breach.\r\nAlthough the breach occurred last year, on June 28, and an official internal investigation began in September, the\r\nTokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi\r\nShimbun and Nikkei, published stories about the hack.\r\nBoth publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze\r\nButler), known to the cyber-security industry for targeting Japan over the past few years [1, 2, 3, 4, 5, 6, 7, 8, 9,\r\n10].\r\nSee als\r\nHack originated from a Chinese affiliate\r\nAccording to the reports in local media, the intrusion was detected after Mitsubishi Electric staff found a\r\nsuspicious file on one of the company's servers.\r\nThe intrusion was later tracked to a compromised employee account.\r\n\"Unauthorized access began with affiliates in China and spread to bases in Japan,\" Asahi reported.\r\nThe newspaper said hackers escalated their access from this initial entry point to Mitsubishi Electric's internal\r\nsystems, gaining access to the networks of around 14 company departments, such as sales and the head\r\nadministrative office.\r\nThe two newspapers reported that hackers stole sensitive data from the company's internal network. In particular,\r\nNikkei reported that hackers compromised \"tens of PCs and servers in Japan and overseas,\" from where they stole\r\naround 200 MB of files, mostly business documents.\r\nMitsubishi Electric did not deny that data exfiltration took place, but only denied that the intruders stole data on its\r\nbusiness partners and defense contracts.\r\nThe company said it's still investigating the incident, but according to open-source reporting, the attackers\r\nappeared to have deleted access logs, slowing down investigators.\r\nMajor security breach in Japan\r\nhttps://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/\r\nPage 1 of 2\n\nIn Japan, the incident is being treated with the utmost severity. Mitsubishi Electric is one of Japan's biggest\r\ndefense and infrastructure contractors, with active projects within the Japanese military, but also\r\ntelecommunications, railways, and the electrical grid.\r\nBefore going public with the news today, Mitsubishi Electric had also notified members of the Japanese\r\ngovernment and Ministry of Defense, according to local newspaper Mainichi.\r\nThe world's most famous and dangerous APT (state-developed) malware\r\nSecurity\r\nSource: https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/\r\nhttps://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/"
	],
	"report_names": [
		"mitsubishi-electric-discloses-security-breach-china-is-main-suspect"
	],
	"threat_actors": [
		{
			"id": "bbefc37d-475c-4d4d-b80b-7a55f896de82",
			"created_at": "2022-10-25T15:50:23.571783Z",
			"updated_at": "2026-04-10T02:00:05.302196Z",
			"deleted_at": null,
			"main_name": "BRONZE BUTLER",
			"aliases": [
				"BRONZE BUTLER",
				"REDBALDKNIGHT"
			],
			"source_name": "MITRE:BRONZE BUTLER",
			"tools": [
				"Mimikatz",
				"build_downer",
				"cmd",
				"ABK",
				"at",
				"BBK",
				"schtasks",
				"down_new",
				"Daserf",
				"ShadowPad",
				"Windows Credential Editor",
				"gsecdump"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f8dddd06-da24-4184-9e24-4c22bdd1cbbf",
			"created_at": "2023-01-06T13:46:38.626906Z",
			"updated_at": "2026-04-10T02:00:03.043681Z",
			"deleted_at": null,
			"main_name": "Tick",
			"aliases": [
				"G0060",
				"Stalker Taurus",
				"PLA Unit 61419",
				"Swirl Typhoon",
				"Nian",
				"BRONZE BUTLER",
				"REDBALDKNIGHT",
				"STALKER PANDA"
			],
			"source_name": "MISPGALAXY:Tick",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "54e55585-1025-49d2-9de8-90fc7a631f45",
			"created_at": "2025-08-07T02:03:24.563488Z",
			"updated_at": "2026-04-10T02:00:03.715427Z",
			"deleted_at": null,
			"main_name": "BRONZE BUTLER",
			"aliases": [
				"CTG-2006 ",
				"Daserf",
				"Stalker Panda ",
				"Swirl Typhoon ",
				"Tick "
			],
			"source_name": "Secureworks:BRONZE BUTLER",
			"tools": [
				"ABK",
				"BBK",
				"Casper",
				"DGet",
				"Daserf",
				"Datper",
				"Ghostdown",
				"Gofarer",
				"MSGet",
				"Mimikatz",
				"Netboy",
				"RarStar",
				"Screen Capture Tool",
				"ShadowPad",
				"ShadowPy",
				"T-SMB",
				"down_new",
				"gsecdump"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "d4e7cd9a-2290-4f89-a645-85b9a46d004b",
			"created_at": "2022-10-25T16:07:23.419513Z",
			"updated_at": "2026-04-10T02:00:04.591062Z",
			"deleted_at": null,
			"main_name": "Bronze Butler",
			"aliases": [
				"Bronze Butler",
				"CTG-2006",
				"G0060",
				"Operation ENDTRADE",
				"RedBaldNight",
				"Stalker Panda",
				"Stalker Taurus",
				"Swirl Typhoon",
				"TEMP.Tick",
				"Tick"
			],
			"source_name": "ETDA:Bronze Butler",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"9002 RAT",
				"AngryRebel",
				"Blogspot",
				"Daserf",
				"Datper",
				"Elirks",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"HOMEUNIX",
				"HidraQ",
				"HomamDownloader",
				"Homux",
				"Hydraq",
				"Lilith",
				"Lilith RAT",
				"McRAT",
				"MdmBot",
				"Mimikatz",
				"Minzen",
				"Moudour",
				"Muirim",
				"Mydoor",
				"Nioupale",
				"PCRat",
				"POISONPLUG.SHADOW",
				"Roarur",
				"RoyalRoad",
				"ShadowPad Winnti",
				"ShadowWali",
				"ShadowWalker",
				"SymonLoader",
				"WCE",
				"Wali",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"XShellGhost",
				"XXMM",
				"gsecdump",
				"rarstar"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434072,
	"ts_updated_at": 1775826753,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ae5e26839b874afa76f39537d91ca881ca1213b9.pdf",
		"text": "https://archive.orkl.eu/ae5e26839b874afa76f39537d91ca881ca1213b9.txt",
		"img": "https://archive.orkl.eu/ae5e26839b874afa76f39537d91ca881ca1213b9.jpg"
	}
}