Japan accuses Chinese hacker group of stealing security and technology data

On Wednesday, January 8th, Japan linked over two hundred cyber attacks on its national security and high-tech data in the past five years to a Chinese (CCP) hacker group named “MirrorFace.” The Japanese authorities detailed the tactics used in these attacks and called for government agencies and companies to strengthen their preventive measures.

The police department analyzed the targets, methods, and infrastructure used by “MirrorFace” in launching cyber attacks between 2019 and 2024. They concluded that these attacks were systematic and connected to the CCP, with the aim of stealing data related to Japan’s national security and advanced technology.

According to the police department, targets of these CCP-led cyber attacks included the Japanese Ministry of Foreign Affairs, Ministry of Defense, aviation research institutions, as well as individuals associated with advanced technology such as politicians, journalists, private companies, and think tank personnel.

Experts have expressed concerns about the vulnerability of Japan’s cybersecurity, especially as Japan strengthens its defense capabilities and cooperates more closely with the United States and other partners to enhance cybersecurity defenses. While Japan has taken steps in response, experts believe that more work needs to be done.

The police department’s investigation found that the primary strategy of “MirrorFace” involved sending emails with malicious software attachments to targeted organizations and individuals between December 2019 and July 2023. These emails typically appeared to come from compromised Gmail and Microsoft Outlook addresses and were aimed at accessing data stored on the recipient’s computer.

The emails often used keywords like “Japan-US Alliance,” “Taiwan Strait,” “Russia-Ukraine War,” and “Free and Open Indo-Pacific Region” as subjects, and included invitations, reference materials, and a list of group members from a supposed research team.

Another tactic employed by hackers between February and October 2023 involved exploiting vulnerabilities in virtual private networks to gain unauthorized access to information in the aerospace, semiconductor, information, and communication sectors in Japan.

One notable attack targeted the Japan Aerospace Exploration Agency (JAXA). The agency acknowledged last June that it had been subjected to a series of cyber attacks since 2023, fortunately without compromising sensitive information related to rockets, satellites, and national defense. The agency is conducting an investigation in order to implement preventive measures.

Last year, a cyber attack paralyzed a container terminal at a port in Nagoya for three days.

Recently, a Japanese airline experienced a cyber attack on Christmas Day, resulting in more than twenty domestic flights being delayed or canceled. However, because the airline successfully stopped the attack and restored its systems within hours, flight safety was not compromised.

(This article referenced reporting by The Associated Press)