The organization responsible for coordinating Japan’s cyber defense has itself become a victim of a hacking attack – and this occurred over a period of nine months without being detected. There is no official confirmation regarding the perpetrators, but previous attacks on Japan have been linked to a Chinese hacking group.
What exactly happened? The organization responsible for Japan’s national protection against cyber-attacks was infiltrated by hackers who may have gained access to confidential data for up to nine months.
According to a report by the Financial Times, the hacking attack began in the autumn of 2022 and was only discovered in June 2023. Hackers gained access to internal systems via the email account of a single employee. The vulnerability went unnoticed for months until an investigation was eventually launched.
In a public statement, the National Center of Incident Readiness and Strategy for Cybersecurity, or NISC, announced that personal data from email communications between October 2022 and June 2023 may have been compromised (via NISC).
Hacking is not only complicated but in most cases also criminal. In a game, you can try it out now without legal consequences:
What data was compromised? The exact extent of the leak remains unclear, but both the government and private partners with whom NISC was in contact were likely affected. As a result, the agency sent warnings to affected organizations and is working with external specialists to analyze the damage.
An official from NISC told the Financial Times that, according to existing findings, only the email system was affected. However, he did not want to comment on whether the attack was indeed carried out by Chinese state-sponsored hackers, as mainly suspected by the US side, according to the Financial Times report.
China as a possible puppeteer
What does this mean for Japan’s cybersecurity? The incident occurred at a sensitive time: Japan is deepening its military cooperation with the USA, UK, and Italy – among other things, as part of a joint fighter jet project, where highly classified technology is being exchanged.
According to the Financial Times, both US and UK cybersecurity experts expressed doubts about whether Japan is capable of securely storing sensitive data.
Why China in particular? In the past five years, Japan has been subjected to a series of cyberattacks attributed to a China-associated hacking group called MirrorFace (via NISC). This group, also known as Earth Kasha, has been identified as part of the larger APT10 network, which has links to the Chinese Ministry of State Security (via Forbes).
The attacks targeted critical sectors in Japan, including national security and the high-tech industry, repeatedly raising alarms about the country’s cybersecurity vulnerabilities.
Attacks on critical infrastructure are among the most serious cybercrimes. While governments are exposed to great risks, Japan is also taking action against manipulation in the gaming industry – as a current case shows: In Japan, a hacker was arrested for selling manipulated Pokémon game saves for 30 euros
