Back

mufg.jp Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain mufg.jp has experienced a significant number of data breach and infostealer events over the past year, totaling over 114,000 incidents. A substantial portion of these events, approximately 73%, are classified as historical data breaches, while 26.7% are active infostealer logs. The timeline indicates a surge in employee-related events in January 2026, with nearly 1,500 incidents, and a notable increase in client-related events in March 2026, exceeding 33,000. Malware analysis shows LummaC2 as the predominant family, accounting for 43.1% of identified threats, followed by Rhadamanthys and Redline. Targeted services include direct banking portals like direct.bk.mufg.jp and entry points for online banking. The majority of data breach events originate from combolist sources, suggesting credential stuffing attacks. The high volume of data breaches and active infostealer logs, coupled with the targeting of critical banking services and a significant number of employee and client records exposed, indicates a high-risk exposure. The prevalence of LummaC2, a known infostealer, further elevates the risk of sensitive data compromise. Prioritization should focus on immediate remediation of identified vulnerabilities, enhanced credential security measures, and comprehensive monitoring of direct banking and online entry points. Given the nature of the targeted services and the domain, the primary focus should be on preventing further credential compromise and protecting client and employee data.

Total Events

114,563
credential exposure events

Employee Affected Events

1,909
account email domain = mufg.jp

Client Affected Events

112,654
service target = mufg.jp

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 33,376
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events30,620
Share27%
Data breaches
Events83,943
Share73%
Infostealer logs (27%)
30,620events
Data breaches (73%)
83,943events

1,909 compromised employee accounts pose an infrastructure risk, while 112,654 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender421
Windows Defender.48
Windows Defender ウイルスバスター クラウド44
Windows Defender Deep Instinct Endpoint Protection26
Windows Defender McAfee24
Windows Defender マカフィー ウイルススキャン19
Windows Defender マカフィー セキュリティエージェント16
Windows Defender ESET Security16
Windows Defender マカフィー14

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC213,198
Rhadamanthys1,319
Redline970
Acreed670
Vidar604
StealC134
Millenium125
Remus117
Raccoon98

Top Login URLs

Top exposed services found in the event results

  1. 1https://direct.bk.mufg.jp/27,243
  2. 2direct.bk.mufg.jp7,261
  3. 3https://direct.bk.mufg.jp7,133
  4. 4direct.bk.mufg.jp/7,032
  5. 5https://entry11.bk.mufg.jp/ibg/dfw/APLIN/loginib/login4,808
  6. 6https://entry11.bk.mufg.jp3,282
  7. 7entry11.bk.mufg.jp/ibg/dfw/APLIN/loginib/login3,211
  8. 8entry11.bk.mufg.jp3,136
  9. 9https://www2.cr.mufg.jp/newsplus/2,230
  10. 10https://entry11.bk.mufg.jp/1,678

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events5,393
Thailand
Events85
United States
Events84
Vietnam
Events78
Algeria
Events37
Brazil
Events34
Indonesia
Events30
Australia
Events29

Country Breakdown

  1. 1Japan5,393
  2. 2Thailand85
  3. 3United States84
  4. 4Vietnam78
  5. 5Algeria37
  6. 6Brazil34
  7. 7Indonesia30
  8. 8Australia29

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix19
FortiNet VPN4
OneLogin3

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 Pro (10.0.26100.3194) x643,905
Windows 11 Pro (10.0.26100.3323) x643,899
Windows 11 Pro (10.0.26100.3037) x643,789
Windows 11822
Windows 11 24H2 build 26100 (64 Bit)697

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
82,112
Combolist pools
1,831
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.