Commentary from Sean Deuby, Principal Technologist, Semperis about JAXA breach
December 2023 by Sean Deuby, Director of Services, Semperis
Commentary from Sean Deuby, Principal Technologist, Semperis, regarding the JAXA breach.
The recent news that Japan’s Aerospace Exploration Agency (JAXA) has disclosed a breach involving Active Directory (AD) is another harsh reminder of AD’s importance to global organisations, which constantly puts it in the crosshairs of threat actors. If Active Directory is successfully breached, attackers can get their hands on privileged credentials and potentially compromise critical applications or steal agency data. Implementing Active Directory security best practices is therefore a crucial step for every organisation.
While specific details from JAXA about the breach are scant today, the agency believes the initial intrusion took place this summer. This means the threat actors have had many months to explore the network and potentially exfiltrate data. JAXA is like other companies that weren’t aware of the intrusion until contacted by a third party, in most cases law enforcement agencies or other researchers.
JAXA will learn from this experience and undoubtedly close the gaps in their security posture. As long as AD environments are vulnerable, it’s imperative that organisations have real-time visibility into changes to elevated network accounts and groups. In addition, keep privileged users to an absolute minimum, use groups to assign privileges, secure accounts with administrator privileges, enforce modern password policies, enforce strong passwords on service accounts, and conduct regular security assessments to understand and minimize AD’s vulnerabilities and attack surface.