Skip to main content

Hitachi

Hitachi Incident Response Team

HIRT-PUB

HIRT-PUB17010 : Security Alert: Ransomware NotPetya (Petya Variant)

HIRT-PUB17010

Beginning from June 27, 2017, the ransomware NotPetya (also known as Petrwrap, GoldenEye and Nyetya) has been active in the wild.

(July 10, 2017 published)

HIRT-PUB17008 : Security Alert: Ransomware WannaCry

HIRT-PUB17008

Beginning from May 13, 2017, the ransomware WannaCry (also known as WannaCrypt, WanaCrypt0r, WCrypte, and WCRY) has been active in the wild. WannaCry exploits a vulnerability in Windows SMBv1 (vulnerability CVE-2017-0145, addressed by security update MS17-010), which allows remote code execution. The ransomware spreads like a network worm to infect other Windows systems with this vulnerability.

(June 12, 2017 published)

HIRT-PUB17007 : Joining with the AIS

HIRT-PUB17007

AIS (Automated Indicator Sharing) is an information-sharing initiative involving a collaboration between private and public sectors, to share detected cyber attack indicators. Such indicators include the domains and IP addresses of servers controlling cyber attacks, and malware hash values.

(August 17, 2017 published)

HIRT-PUB17006 : Apache Struts 2 Remote Code Execution issue (CVE-2017-5638)

HIRT-PUB17006

Jakarta Multipart parser of Apache Struts 2 mishandles file upload, that may allow an attacker to remotely execute arbitrary code via crafted HTTP requests.

(March 17, 2017 published)

HIRT-PUB17004 :Ransomware - Virtual experience demonstration (3)-

HIRT-PUB17004

Ransomware is a generic term that refers to malicious programs that lock targeted PCs and/or hold files hostage. While the term "ransomware" might be familiar to some people, it is not widely understood how these programs attack the targeted PCs. HIRT-PUB17004 addresses an incident of ransomware which was brought to attention in late 2016.

(March 17, 2017 published)

HIRT-PUB17003 : Addressing the Spread of Malware Infections Using the Rig Exploit Kit

HIRT-PUB17003

HIRT-PUB17003 introduces activities of the Japan Cybercrime Control Center (JC3), an organization of which Hitachi is now part, which are aimed at eradicating the redirector websites.

(March 17, 2017 published)

HIRT-PUB16003 : Cyber attacks Using IoT Devices

HIRT-PUB16003

Cyber attacks involving IoT (Internet of Things) devices installed in Linux environments, such as home/small office routers, webcams, network storage systems, and digital video recorders, have become prominent since 2016. HIRT-PUB16003 reports on this recent trend.

(April 24, 2017 published)

HIRT-PUB16002: HIRT: Annual Report 2015

HIRT-PUB16002

HIRT: Annual Report 2015 presents HIRT's activities and trends insecurity threats and vulnerability. "When a large-impact incident occurs, great change in the counterapproach is also seen. In 2006 when information leaks occurred in file-sharing software, thin client terminals were adopted. In 2011 when defense industry..."

(November 21, 2016 published)

HIRT-PUB16001: Ransomware

HIRT-PUB16001

Ransomware variants have grown very rapidly since 2015 and often attempt to extort money from victims. HIRT-PUB16001 is an advisory to address issue for Ransomware and Recent Variants.

(April 13, 2016 published)

HIRT-PUB15005: HIRT: Annual Report 2014

HIRT-PUB15005

HIRT: Annual Report 2014 presents HIRT's activities and trends insecurity threats and vulnerability. "The feature of 2014 in terms ofincidents was that damage by malicious programs that target onlinebanking became more serious. Also targeted attack and websitecompromised have continued to cause damage..."

(October 6, 2015 published)

HIRT-PUB15004: HTTP.sys Remote Code Execution issue

HIRT-PUB15004

HTTP.sys of Microsoft Windows contains an integer overflow vulnerability that may allow an attacker to remotely execute arbitrary code via crafted HTTP requests.

(April 20, 2015 published)

HIRT-PUB15003: [tutorial] SSL/TLS implementations 'FREAK' issue

HIRT-PUB15003

Some SSL/TLS implementations accept the use of an export-grade RSA public key in a non-export RSA key exchange ciphersuite. This vulnerability is commonly referred to as "FREAK". HIRT-PUB15003 is a tutorial to address this issue.

(March 23, 2015 published)

HIRT-PUB15001: GNU C Library (glibc) 'GHOST' issue in Hitachi products

HIRT-PUB15001

GNU C Library (glibc) contains a heap buffer overflow vulnerability (commonly referred to as "GHOST") that may allow an attacker to remotely execute arbitrary code. HIRT-PUB15001 is an advisory to address issue in Hitachi products.

(January 29, 2015 published)

HIRT-PUB14014: Hitachi Review: Trends in Security Incidents and Hitachi's Activities

HIRT-PUB14014

Hitachi Review presents HIRT's activities and trends in security incidents. "As cyber-attacks continue to evolve, the types of security incident they trigger are becoming more diverse. They are also having an increasingly signifi cant impact ..."

(July, 2014 published)

HIRT-PUB14011: GNU Bourne-Again Shell (Bash) 'Shellshock' issue in Hitachi products

HIRT-PUB14011

GNU Bourne-Again Shell (Bash) contains a vulnerability (commonly referred to as"Shellshock") that could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system. HIRT-PUB14011 is an advisory to address issue in Hitachi products.

(October 7, 2014 published)

HIRT-PUB14005: OpenSSL TLS heartbeat extension read overrun issue in Hitachi products

HIRT-PUB14005

OpenSSL 1.0.1 contains a vulnerability (commonly referred to as"heartbleed") that could disclose sensitive private information to an attacker. HIRT-PUB14005 is an advisory to address issue in Hitachi products.

(April 17, 2014 published)

HIRT-PUB14004: HIRT: Annual Report 2013

HIRT-PUB14004

HIRT: Annual Report 2013 presents HIRT's activities and trends in security threats and vulnerability. "In 2013, cyber incidents were that website compromised actions became steady occurrences and damage by malicious programs that target online banking became more serious ..."

(May 26, 2014 published)

HIRT-PUB14003: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

HIRT-PUB14003

Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability. HIRT reported this vulnerability to JVN in line with the framework of vulnerability handling - Information Security Early Warning Partnership. HIRT-PUB14003 is an advisory to address vulnerability and to show reported timeline.

(February 19, 2014 published)

HIRT-PUB13002: HIRT: Annual Report 2012

HIRT-PUB13002

HIRT: Annual Report 2012 presents HIRT's activities and trends in security threats and vulnerability. "In 2012, the known threats like targeted attack, website compromised actions and USB malware (e.g.Conficker) have continued to cause damage. Features of 2012 were that denial-of-service attacks and website compromised actions by 'hacktivists' became steady occurrences, and ..."

(November 13, 2013 published)

HIRT-PUB13001: HIRT: Annual Report 2011

HIRT-PUB13001

HIRT: Annual Report 2011 presents HIRT's activities and trends in security threats and vulnerability. "The Year 2011 saw the occurrence of a diversity of security incidents and developed into a transitional period in which cyber attack countermeasures were ..."

(May 26, 2014 published)

HIRT-PUB11004: Microsoft Windows XP vulnerable to denial-of-service (DoS)

HIRT-PUB11004

HIRT-PUB11004 is an advisory to address vulnerability in Microsoft Windows XP. Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service (DoS).

(September 30, 2011 published)

HIRT-PUB11002: HIRT: Annual Report 2010

HIRT-PUB11002

HIRT: Annual Report 2010 presents HIRT's activities and trends in security threats and vulnerability. "In 2010, the attacks that targeted a specific organization (targeted attack) and used an organization's internal network as an attack base (stealth attack) gathered attention such as Operation Aurora and Stuxnet..."

(December 19, 2011 published)

HIRT-PUB10008: Hitachi Vulnerability Disclosure Process

HIRT-PUB10008

HIRT-PUB10008 describes on Hitachi's role as the developer of information system products (Product IRT) and shows the vulnerability disclosure process of the Hitachi group.

(September 30, 2011 published)

HIRT-PUB10002: HIRT: Annual Report 2009

HIRT-PUB10002

HIRT: Annual Report 2009 presents HIRT's activities and trends in security threats and vulnerability. "In 2009, passive (redirection) type attacks, which use websites as the basis for attacks, have become more general, as shown by the proliferation of Conficker, USB memory type malware and Gumblar, web-based malware..."

(Sep. 29, 2010 published)

HIRT-PUB09006: HIRT: Annual Report 2008

HIRT-PUB09006

HIRT: Annual Report 2008 presents HIRT's activities and trends in security threats and vulnerability. "From 2008 onwards, a virus started to spread via USB memory sticks, which represents a recurrence of the virus infection via floppy disk phenomenon and can be described as history repeating itself..."

(Jun. 22, 2009 published)

HIRT-PUB09004: HIRT: Annual Report 2007

HIRT-PUB09004

HIRT is a team of security experts that disseminates vulnerability and incident information to support HITACHI group companies to protect the customers' computer systems from malicious events such as unauthorized access and security incidents."HIRT: Annual Report 2007" presents HIRT's activities and trends in security threats and vulnerability.

(May 22, 2009 published)

HIRT-PUB07005:
Let's take a look at the flow of packet data transmitted by a worm Part II

HIRT-PUB07005

In the HIRT-PUB07004, we attempted to visualize the activities of a worm, focusing on the regularity of a packet (a destination IP address) sent by the worm. In the HIRT-PUB07005, we are targeting visualization, focusing on the completeness (i.e. the scanning scope) and the selection order (the random nature) of a destination IP address.

(Jun. 1, 2007 published)

HIRT-PUB07004:
Let's take a look at the flow of packet data transmitted by a worm

HIRT-PUB07004

Although no massive incidents due to new worms have occurred recently, nodes infected by worms which proliferated widely in the past still continue their infective activities.Here, we attempt to visualize the packet of worms, which remains flowing on the Internet.

(Apr. 12, 2007 published)

HIRT-PUB07001:
Animation for the introduction of HIRT activities is now available

HIRT-PUB07001

What CSIRT does may not be very intuitive. We've made an animation video to help you understand HIRT's CSIRT efforts more easily.

(Jun. 22, 2007 published)

  • * HIRT animation was taken down on September 27, 2007. Thank you for your interest!