Japan has identified more than 200 cyberattacks targeting the country's national security and high technology data over the past five years, linking them to a Chinese hacking group known as MirrorFace. The National Police Agency revealed that these systematic attacks, occurring from 2019 to 2024, were aimed at stealing data related to Japanese national security and advanced technology.
The targets of these cyberattacks included Japan's Foreign and Defense ministries, the country's space agency, as well as individuals such as politicians, journalists, private companies, and think tanks associated with advanced technology. MirrorFace employed various tactics, including sending emails with malware-laden attachments to access data saved on computers, often using stolen identities from Gmail and Microsoft Outlook addresses.
The emails were crafted with subjects like “Japan-U.S. alliance,” “Taiwan Strait,” “Russia-Ukraine war,” and “free and open Indo-Pacific,” along with invitations for study panels and references to panelists. Additionally, the hackers exploited vulnerabilities in virtual private networks to gain unauthorized access to information from Japanese organizations in aerospace, semiconductors, and information and communications sectors.
Notably, the Japan Aerospace and Exploration Agency (JAXA) acknowledged being targeted by cyberattacks since 2023, although sensitive information related to rockets, satellites, and defense remained secure. The agency is actively investigating and implementing preventive measures to safeguard its systems.
Recent incidents include a cyberattack that disrupted operations at a container terminal in Nagoya for three days and an attack on Japan Airlines during Christmas, resulting in delays and cancellations to over 20 domestic flights. Fortunately, the airline was able to halt the attack, restore its systems promptly, and ensure there was no impact on flight safety.
As Japan continues to enhance its defense capabilities and cybersecurity measures, experts emphasize the need for ongoing vigilance and collaboration with international partners to counter cyber threats effectively.
