Tokyo has recently identified over 200 cyberattacks within the past five years as being linked to a Chinese hacking group known as MirrorFace. The findings reveal the group’s targeted efforts aimed at compromising Japan’s national security and high-tech data, prompting officials to urge both government bodies and businesses to enhance their cybersecurity measures.
According to the National Police Agency’s recent analysis, the systematic cyberattacks were traced back to 2019 and are believed to have been orchestrated from China. Their main objective appears to be the theft of sensitive information pertaining to Japan’s national security and advanced technological sectors.
Targets of these cyber threats included key institutions such as Japan’s Foreign and Defense ministries, the national space agency, and a variety of individuals such as politicians, journalists, and members of private corporations and think tanks involved in advanced technology initiatives.
Experts have long expressed their concerns regarding Japan’s cybersecurity readiness, particularly as the nation is bolstering its defense technologies and collaborating more closely with allies like the United States to enhance their overall cyber defenses. While Japan has implemented some measures, analysts believe that further actions are necessary to fortify its systems.
The hacking group employed various methods, primarily utilizing emails with attachments that contained malware directed at specific organizations and individuals. This activity predominantly occurred from December 2019 to July 2023, with the emails often sent from platforms such as Gmail and Microsoft Outlook using compromised identities.
Subjects of the phishing emails typically featured terms related to geopolitics, including “Japan-U.S. alliance,” “Taiwan Strait,” “Russia-Ukraine war,” and “free and open Indo-Pacific.” The communications often presented invitations for study panels, alongside references and lists of participants.
In addition to this, from February to October 2023, the hackers exploited vulnerabilities in virtual private networks to gain unauthorized access to Japanese organizations within the aerospace, semiconductor, and information technology sectors.
One significant target was the Japan Aerospace and Exploration Agency (JAXA), which confirmed in June that it had experienced a series of cyberattacks since the onset of 2023. Thankfully, no sensitive data concerning rockets, satellites, or defense systems was compromised, although they are now conducting investigations to implement improved preventive measures.
Furthermore, Japan faced notable disruptions from cyberattacks last year, such as an incident that incapacitated operations at a container terminal in Nagoya for three days. More recently, Japan Airlines experienced a cyber incident on Christmas that resulted in delays and cancellations for over 20 domestic flights. Luckily, the airline managed to counter the attack and restore IT systems within hours, ensuring flight safety was not compromised.
