- Japanese authorities confirm a cyber campaign targeted government and infrastructure targets between 2019 and 2024
- Chinese hacking group MirrorFace thought to be behind the attacks
- The group has claimed a number of victims over the last few years
The Japanese government has revealed a string of over 200 cyberattacks in the last five years are linked, and the top suspect is notorious hacking group MirrorFace.
The attacks targeted the country’s infrastructure, and reportedly had the aim of stealing Japanese national security and advanced technology data.
The National Police Agency (NPA) confirmed that analysis on the targets, methods, and infrastructure was able to link hundreds of attacks between 2019 and 2024, with targets like the Japanese Foreign and Defense ministries, the country’s space agency, and individuals including politicians, journalists and private companies.
Japan’s infrastructure at risk
The group MirrorFace, also known as Earth Kasha, most often targets businesses and individuals, but has been observed recently engaging in a spear phishing campaign targeting researchers and government workers, luring victims with fake documents discussing US-China relations.
MirrorFace’s spearphishing campaign included sending emails containing attachments with malware which was sent to individuals and organizations to view data saved on computers between December 19 and July 2023, primarily from Outlook and Gmail addresses using stolen identities, the NPA investigation found.
Experts have raised concerns about Japan’s cybersecurity vulnerabilities, especially considering recent push by the country to develop its military and defense capabilities and cyberdefences.
Japan recently faced DDoS attacks from pro-Russian hackers targeting government and political entities, following the strengthening of Japan’s military alliance with the United States. These attacks were disruptive, and highlighted the growing risk of politically motivated cyberattacks.
Japanese firms including Casio, NTT Docomo, and Japan Airlines have all been targeted in cyberattacks in recent months, but the vulnerability of the state owned infrastructure is perhaps most concerning.
Via ABC News