Cyber Security, Japan to limit foreign ownership of firms in its IT and TLC sectors

Japan will limit foreign ownership of firms in 20 of its IT and telecom sectors. The goal is to prevent technology theft or damage to defense output and the technological foundation.
Japan will limit foreign ownership of firms in its IT and telecom sectors, fearing cyber security issues. According to Reuters, Tokyo wants to prevent theft of technology that is strategic for national security, or damage to defense output and the technological foundation. The new rule, effective on August 1, will be applied to 20 sectors in the information and communications industries, according to a joint statement by the Finance, Trade and Communications ministries. “Based on increasing importance of ensuring cyber security in recent years, we decided to take necessary steps, including addition of integrated circuit manufacturing, from the standpoint of preventing as appropriate a situation that will severely affect Japan’s national security,” the statement says. The move could be related to Huawei and US-China issues. Not surprisingly, the announcement came on the same day that US President Donald Trump and Japanese Prime Minister Shinzo Abe were holding talks in Tokyo on trade and other issues.
Japan and the United States increased their cooperation on cyber security issues, including deterrence and response capabilities. The Security Treaty between the two countries can also be applied to emerging threats, such as cyber attacks.
Japan and the United States recently increased their cooperation on cyber security during a “two-plus-two” meeting in Washington. According to The Diplomat, both sides agreed to enhance cooperation on cyberspace issues, including deterrence and response capabilities. The meeting considered how the existing provisions of the Security Treaty between the United States and Japan could be applied to emerging threats. Article Five of the document said that both countries recognized “that an armed attack against either Party in the territories under the administration of Japan would be dangerous to its own peace and safety.” Furthermore, each side declared “that it would act to meet the common danger in accordance with its constitutional provisions and processes.” During the meeting, the ministers “affirmed that international law applies in cyberspace and that a cyber attack could, in certain circumstances, constitute an armed attack for the purposes of Article V.”