TOKYO (AP) — Japan has pointed to more than 200 cyberattacks occurring in the past five years, aimed at the nation’s national security and high-tech data, attributing them to a Chinese hacking group named MirrorFace. The tactics utilized in these attacks were detailed by Japan, urging government entities and businesses to bolster their preventative measures. The National Police Agency disclosed that their examination of the cyberattacks carried out by MirrorFace from 2019 to 2024 revealed a systematic pattern directly linked to China, with the objective of pilfering Japanese national security and advanced technology data.
The targets of these cyberattacks orchestrated by the Chinese government included Japan’s Foreign and Defense ministries, the nation’s space agency, as well as various individuals such as politicians, journalists, private companies, and think tanks associated with cutting-edge technology, as stated by the NPA. Concerns about Japan’s cybersecurity vulnerability have been frequently raised by experts, particularly as the country enhances its defense capabilities and collaborates more closely with the United States and other allies to fortify cyber defenses. Although Japan has taken some measures in this regard, experts emphasize the necessity for further action.
According to the NPA investigation, MirrorFace dispatched emails containing malware-laden attachments to their targeted entities and individuals, enabling them to access data stored on computers mostly between December 2019 and July 2023. These emails usually featured subject lines containing keywords like “Japan-U.S. alliance,” “Taiwan Strait,” “Russia-Ukraine war,” and “free and open Indo-Pacific,” along with an invitation to a study panel, references, and a list of panelists.
Another tactic employed by the hackers involved targeting Japanese organizations operating in aerospace, semiconductor, and information and communications sectors from February to October 2023. Exploiting vulnerabilities in virtual private networks, the hackers gained unauthorized access to sensitive information. The Japan Aerospace and Exploration Agency (JAXA) was among the entities targeted, admitting in June to experiencing a series of cyberattacks since 2023, although no critical data concerning rockets, satellites, or defense systems was compromised. JAXA was conducting an investigation to implement preventative measures in response to these attacks.
In a separate incident last year, a cyberattack disrupted operations at a container terminal in the city of Nagoya for three days. More recently, Japan Airlines encountered a cyberattack on Christmas day, resulting in delays and cancellations for over 20 domestic flights. However, the airline managed to halt the attack and restore its systems within a few hours, with no impact on flight safety reported.
The continuous cyber threats faced by Japan underscore the critical need for enhanced cybersecurity measures to safeguard national security and advanced technology data from malicious actors seeking to exploit vulnerabilities in the digital realm.
