Japan's National Police Agency (NPA) has linked over 200 cyberattacks targeting national security and high-tech data to the Chinese hacking group MirrorFace. The attacks, spanning five years, were systematic and aimed at acquiring sensitive information.
The NPA's investigation, covering 2019 to 2024, revealed the attacks targeted various government entities, including the Foreign and Defense ministries and the space agency. Individuals, including politicians, journalists, and those working in advanced technology sectors, were also targeted.
The attack methodology employed by MirrorFace involved phishing emails. These emails, often containing malicious attachments, targeted specific organizations and individuals. The attackers frequently used stolen identities and subject lines related to current geopolitical events, such as the Japan-US alliance, to gain access to computer systems.
Beyond phishing, the hackers also exploited vulnerabilities in virtual private networks (VPNs). This method allowed unauthorized access to data within Japanese organizations involved in aerospace, semiconductors, and communications.
These malicious activities impacted various organizations, including JAXA, which acknowledged a cyberattack series but reported no damage to critical aerospace data. The NPA also highlighted a disruption at a Nagoya port container terminal that lasted three days and a Christmas cyberattack on Japan Airlines that led to flight delays but did not compromise safety.
The revelation underscores ongoing cybersecurity concerns in Japan as it strengthens defense partnerships and enhances its cyber defenses. Experts emphasize the need for further measures to bolster security.
