Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data

Japanese police stated on Wednesday that over 200 cyberattacks targeting Japan's national security and high-tech data over the past five years have been linked to a Chinese hacking group known as "MirrorFace." The police have conducted a detailed analysis of the group's attack strategies and are urging government agencies and businesses to strengthen their preventative measures. This disclosure highlights the serious challenges Japan faces in cybersecurity.

An analysis by the Japanese National Police Agency indicates that from 2019 to 2024, the targets, methods, and infrastructure of "MirrorFace's" cyberattacks demonstrate a systematic pattern with connections to China, aimed at stealing data related to Japan's national security and advanced technologies. These attacks have targeted the Japanese Ministry of Foreign Affairs, the Ministry of Defense, the Japan Aerospace Exploration Agency (JAXA), as well as individuals including politicians, journalists, private companies, and think tanks related to advanced technology.

Experts have repeatedly expressed concerns about Japan's cybersecurity vulnerabilities, especially as Japan strengthens its defense capabilities and works more closely with the United States and other partners to bolster cyber defenses. While Japan has taken some measures, experts believe that more work needs to be done. According to police investigations, "MirrorFace" primarily sent emails with malicious software attachments to targeted organizations and individuals between December 2019 and July 2023 to steal data from computers. These emails often used stolen Gmail and Microsoft Outlook addresses.

The subjects of these emails often used keywords such as "Japan-U.S. alliance," "Taiwan Strait," "Russia-Ukraine war," and "Free and Open Indo-Pacific," and included content like study group invitations, reference materials, and expert lists. Additionally, hackers exploited vulnerabilities in virtual private networks to launch attacks against organizations in Japan's aerospace, semiconductor, information, and communications sectors between February and October 2023 to illegally obtain information. Notably, the Japan Aerospace Exploration Agency (JAXA) also suffered a cyberattack, although sensitive information was not compromised.

Last year, a container terminal at a port in Nagoya was paralyzed for three days due to a cyberattack. More recently, Japan Airlines suffered a cyberattack on Christmas, which led to the delay and cancellation of over 20 domestic flights, although the airline successfully blocked the attack and restored systems within hours, ensuring flight safety was not affected. These incidents demonstrate that Japan's cybersecurity defense system still requires further strengthening.