Trend Micro antivirus zero-day used in Mitsubishi Electric hack

trend micro

Special feature

Cyberwar and the Future of Cybersecurity

Cyberwar and the Future of Cybersecurity

Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.

Read More

Chinese hackers have used a zero-day in the Trend Micro OfficeScan antivirus during their attacks on Mitsubishi Electric, ZDNet has learned from sources close to the investigation.

Trend Micro has now patched the vulnerability, but the company did not comment if the zero-day was used in other attacks beyond Mitsubishi Electric.

Mitsubishi Electric hack

News of the Mitsubishi Electric hack became public on Monday, this week. In a press release published on its website, the Japanese electronics vendor and defense contractor said it was hacked last year.

The company said it detected an intrusion on its network on June 28, 2019. Following a months-long investigation, Mitsubishi said it discovered that hackers gained access to its internal network from where they stole roughly 200 MB of files.

While initially the company didn’t reveal the content of these documents, in an updated press release, the company said the files contained primarily information on employees, and not data related to its business dealings and partners.

According to Mitsubishi, the stolen documents contained:

  • Data on employment applications for 1,987 people
  • The results of a 2012 employee survey that was filled in by 4,566 people from its head office
  • Information on 1,569 Mitsubishi Electric workers that retired between 2007 and 2019
  • Files with corporate confidential technical materials, sales materials, and others.

The zero-day

This week, Japanese media dug deeper into the hack. According to reports, the hack first originated at a Mitsubishi Electric Chinese affiliate, and then spread to 14 of the company’s departments/networks.

The intrusion was allegedly detected after Mitsubishi Electric staff found a suspicious file on one of the company’s servers.

None of this was confirmed by the Japanese company, but discovered by Japanese reporters. The only technical detail in relation to the hack Mitsubishi Electric disclosed was the fact that hackers exploited a vulnerability in one of the antivirus products the company was using.

A source with knowledge of the attack told ZDNet that the hackers exploited CVE-2019-18187, a directory traversal and arbitrary file upload vulnerability in the Trend Micro OfficeScan antivirus.

According to a security advisory Trend Micro sent out in October 2019, “affected versions of OfficeScan could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).”

In a case study on its website, Trend Micro lists Mitsubishi Electric as one of the companies that run the OfficeScan suite.

When it patched CVE-2019-18187 back in October, Trend Micro warned customers that the vulnerability was being actively exploited by hackers in the wild.



Japanese media claimed that the intrusion was the work of a Chinese state-sponsored cyber-espionage group known as Tick.

The Tick hacking group is known for carrying out a large number of hacking campaigns aimed at targets all over the world over the past few years. Currently, it is unclear if the group also used the OfficeScan zero-day against other targets.

Trend Micro declined to comment for this article.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Millions in Cryptocurrency Stolen by Scammers in the Last Month According to Tenable Research
November 24, 2021
Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021

Blockchain/Cryptocurrency Questions and Answers

How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
The Unconventional Guide to Ethereum
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin35,766 0.84 % 7.62 % 17.06 %
Ethereum2,456.1 0.18 % 13.01 % 25.84 %
Tether1.000 0.18 % 0.60 % 0.24 %
Binance Coin363.94 0.67 % 14.01 % 25.74 %
USD Coin1.010 0.56 % 0.46 % 0.47 %
Cardano1.040 0.61 % 13.29 % 19.19 %
Solana99.40 0.58 % 17.35 % 32.07 %
XRP0.5954 0.88 % 13.11 % 23.09 %
Terra61.09 1.00 % 18.72 % 25.16 %
Polkadot18.72 1.00 % 15.48 % 32.55 %

Bitcoin (BTC) $ 35,011.00
Ethereum (ETH) $ 2,410.35
Tether (USDT) $ 0.999236
Binance Coin (BNB) $ 358.49
USD Coin (USDC) $ 0.995581
Cardano (ADA) $ 1.02
Solana (SOL) $ 96.73
XRP (XRP) $ 0.582704
Terra (LUNA) $ 58.89
Polkadot (DOT) $ 18.21