Japan Links Over 200 Cyberattacks to Chinese Hacking Group MirrorFace
Japan has attributed more than 200 cyberattacks over the past five years to MirrorFace, a Chinese hacking group targeting national security and high-tech data. The National Police Agency (NPA) released its findings on Wednesday, detailing the group’s tactics and urging government agencies and businesses to strengthen their cybersecurity defenses.
Systematic Cyber Espionage Targeting Japan
The NPA's analysis of MirrorFace’s operations from 2019 to 2024 concluded that the attacks were systematic and aimed at stealing sensitive data related to Japan’s national security and advanced technology. Among the targets were Japan’s Foreign and Defense ministries, the space agency JAXA, as well as politicians, journalists, private companies, and think tanks specializing in high technology.
Cybersecurity experts have long warned about Japan’s vulnerabilities, especially as the country enhances its defense capabilities and deepens its cooperation with the United States and other allies on cyber defense. While Japan has taken steps to improve cybersecurity, experts say more efforts are needed.
Hacking Tactics and Targeted Sectors
MirrorFace primarily employed phishing tactics, sending malware-laden emails to organizations and individuals. These emails, often sent via stolen Gmail and Microsoft Outlook identities, contained subject lines referencing sensitive geopolitical topics such as:
- "Japan-U.S. alliance"
- "Taiwan Strait"
- "Russia-Ukraine war"
- "Free and open Indo-Pacific"
The hackers also disguised their emails as invitations to study panels, including references and lists of panelists, to lure victims into opening malicious attachments.
Between February and October 2023, the group exploited vulnerabilities in virtual private networks (VPNs) to gain unauthorized access to classified information, particularly targeting industries in aerospace, semiconductors, and communications. JAXA Among Key Targets
One high-profile target was the Japan Aerospace Exploration Agency (JAXA), which acknowledged in June that it had suffered cyberattacks since 2023. While JAXA stated that no sensitive data on rockets, satellites, or defense programs was compromised, it has launched an internal investigation and is implementing preventive measures.
Japan’s Response and Call for Stronger Cyber Defenses
With increasing cyber threats from state-sponsored groups, Japan is pushing for stronger cybersecurity frameworks. The NPA’s findings underscore the need for proactive measures to safeguard national security and high-tech industries from foreign cyber espionage.
As Japan deepens its security partnerships, particularly with the U.S., addressing these cyber vulnerabilities will be crucial in countering threats from China and other adversaries.
