NTT Communications Announced a Security Breach

By Bill Toulas / May 29, 2020

NTT Communications, a subsidiary of NTT, has announced a data breach that involves hackers gaining access to limited client data. The company's system administrators have detected an unauthorized remote operation on their Active Directory on May 7, 2020. Following an in-depth investigation, NTT's team confirmed that some information had been leaked to the outside. This confirmation came on May 11, 2020, so admittedly, it took the telecom firm quite a while before publicly disclosing the security lapse through an announcement.

The incident was isolated and confined to a specific set of "NTT Com" clients on a single "NTT Com" Japanese platform, and a small number of NTT Ltd. clients who were previously managed by "NTT Com." NTT can confirm that no client segments in the Enterprise Cloud were breached. The company claims that they took measures to protect their systems now and to prevent the recurrence of similar incidents. Moreover, they have clarified that no individual client data was stored in the compromised servers, so the exposed companies' customers haven't been affected by the event. The companies have now been moved to new servers where additional security measures such as better control of communication routes apply.

The following diagram shows how the actors took over the Singapore-based server and then used it as a stepping stone to remotely access other systems in the NTT network. While the breach on the production server was without a doubt serious, NTT managed to cut off the intruder relatively quickly, so the breach was kept to a manageable extent.

attack diagram

Source: NTT

NTT says the cause of the security breach was a migration project that was not done properly, which left the door open for the attacker. The firm assures its customers that they have a complete understanding of what they did wrong during the migration process, and now know how to avoid the same mistakes when dealing with similar projects. Of course, they also promise to disclose more details when their internal investigation is concluded. Finally, NTT hasn't named which of its clients were compromised due to reasons of confidentiality. NTT Com is conducting ongoing forensic research, as well as upgrading security measures to provide additional assurances on these platforms. NTT Com will further strengthen monitoring systems to prevent a recurrence of such incidents and continue investigations on internal servers to improve service quality even more.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari