Japan’s National Police Agency (NPA) has linked more than 200 cyberattacks from the past five years to the Chinese state-linked hacker group MirrorFace, the agency announced this week.
The attackers are targeting national security and information technology, meaning these are espionage-related attacks. MirrorFace has targeted Japanese politicians, journalists, and its defense and foreign ministries. Some of these attacks were email phishing attacks, where hackers used compromised email addresses to send malware disguised as an invitation to a dashboard to the potential victim. They used email subject lines such as “Russia-Ukraine War,” “Free and Open Indo-Pacific,” “Japan-US Alliance” or “Taiwan Strait,” the Associated Press reports.
The MirrorFace hackers have also exploited existing VPN flaws to target Japanese aerospace institutions as well as semiconductor firms to view private information, but it is unclear which VPN services were exploited.
The Japan Aerospace Exploration Agency (JAXA) is one of the organizations that MirrorFace has targeted through VPN flaws. Of its 1,600 staff members, 207 had their Microsoft 365 cloud accounts breached, including President Hiroshi Yamakawa and other executives, Nikkei Asia previously reported.
“The attacker appears to have exploited a vulnerability in the VPN to gain initial access to some of JAXA’s internal servers and computers, further expanded the scope of unauthorized access to steal JAXA user account information, and used the to illegally access information managed on JAXA’s Microsoft 365 Service by posing as its legitimate user,” Yamakawa said in a press release in July, adding: “We have confirmed that some of the information managed by JAXA has been leaked due to this cyber attack.” The space agency said the hackers did not have access to its missile, satellite or defense data.
Chinese Foreign Ministry spokesman Guo Jiakun denied the NPA’s claims in a press statement on Thursday. “China resolutely opposes and fights all forms of hacker attacks in accordance with the law and opposes the politicization of cyber security issues. This position is consistent and clear,” Jiakun said.
“As many can see, the virtuality of cyberspace makes it difficult to trace the source of actions, and the actors in cyberspace are diverse. It is neither professional nor responsible for the relevant Japanese institutions to make judgments based only on objectives and methods of hacking attacks”, added the spokesperson.
Recommended by our Editors
The spokesman also blamed “some US allies” as well as the US itself for “spreading misinformation” about China. “We hope that all parties will approach cyber security issues based on facts, guided by international rules and with objectivity, fairness and professionalism instead of playing supporting roles in political stunts,” Jiakun said.
Last week, the US sanctioned Chinese firm Integrity Tech for helping Flax Typhoon hackers carry out cyber attacks by facilitating a botnet of at least 260,000 compromised devices. And in December, the US Treasury Department said some of its computer systems and some unclassified documents were accessed by Chinese-backed hackers, prompting the department to take its exposed systems offline.
Like what you’re reading?
Register for Security Watch newsletter for our best privacy and security stories delivered straight to your inbox.
This newsletter may contain advertisements, deals or affiliate links. By clicking the button, you confirm that you are over 16 years of age and agree to our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.
About Kate Irwin
journalism
