- Russia issues warnings to Japan over its military posture with the US
- Pro Russian groups subject Japan to a spate of DDoS attacks
- Attacks target critical infrastructure and government bodies
Pro-Russian threat actors have launched a series of coordinated DDoS attacks against Japanese organizations following Japan’s recent moves to strengthen its military alliance with the United States.
Distributed Denial of Service (DDoS) attacks, which flood networks with traffic and disrupt operations, have become a go-to method for cybercriminals and hacktivist groups.
The attacks, which began in mid-October 2024, have targeted key sectors of Japan’s economy and government, including logistics and manufacturing, as well as political entities.
Tensions between Japan and Russia escalate
The cyberattacks followed recent statements made by Russia’s Ministry of Foreign Affairs (MID), which expressed concern over Japan’s growing militarization. Russia highlighted Japan’s increased defense budget and its involvement in joint military exercises with the United States as causes for alarm.
Additionally, Japan’s development of pre-emptive strike capabilities and participation in ballistic missile defense research have contributed to rising tensions between the two nations.
On October 11, 2024, three days before the attacks, Russia reiterated its concerns. In response, two pro-Russian hacktivist groups, NoName057 and the Russian Cyber Army Team, launched a coordinated DDoS campaign aimed at disrupting Japanese organizations and infrastructure.
The cyberattack primarily focused on Japan’s logistics and manufacturing sectors, with a particular emphasis on harbours and shipbuilding. This focus on infrastructure is consistent with previous campaigns carried out by NoName057, a group known for targeting critical sectors in geopolitical conflict zones.
In addition to industrial targets, the hacktivists also attacked Japanese governmental and political organizations. Notably, the political party of Japan’s newly elected prime minister was one of the high-profile targets, potentially as an attempt by the attackers to draw attention to their actions.
According to NETSCOUT, the attacks employed multiple direct-path DDoS attack vectors, with many originating from well-known nuisance networks, cloud hosting provider infrastructure, and virtual private networks (VPNs). The attackers also utilized the DDoSia botnet to amplify their attacks, thereby employing different configurations to maximize the impact.
While these attacks were disruptive, NETSCOUT notes that they have not significantly altered the overall threat landscape in Japan.