(Credit: F01 Photo/Shutterstock.com)
Japan's National Police Agency (NPA) has tied over 200 cyberattacks from the last five years to the Chinese state-affiliated hacking group "MirrorFace," the agency announced this week.
The attackers are targeting national security and technology information, meaning they're espionage-related attacks. MirrorFace has targeted Japanese politicians, journalists, and its defense and foreign ministries. Some of these attacks were email phishing attacks, where the hackers used compromised email addresses to send malware disguised as an invitation to a panel to the potential victim. They used email subjects like "Russia-Ukraine war," "free and open Indo-Pacific," "Japan-US Alliance," or "Taiwan Strait," the Associated Press reports.
MirrorFace hackers also leveraged existing VPN flaws to target Japanese aerospace institutions as well as semiconductor firms to view private information, but it's unclear which VPN services were exploited.
Japan Aerospace and Exploration Agency (JAXA) is one of the organizations MirrorFace has targeted via VPN flaws. Of its 1,600 staff members, 207 saw their Microsoft 365 cloud accounts breached, including President Hiroshi Yamakawa and other executives, Nikkei Asia previously reported.
"The attacker seems to have exploited a vulnerability in the VPN to gain the initial access to some of JAXA’s internal servers and computers, further expanded the scope of unauthorized access to steal JAXA’s user account information, and used it to illegally access the information managed on JAXA’s Microsoft 365 service, posing as its legitimate user," Yamakawa said in a July press release, adding: "We have confirmed that some of the information managed by JAXA has leaked due to this cyberattack." The space agency said that hackers didn't get access to its data on rockets, satellites, or defense, though.
Recommended by Our Editors
China's Foreign Ministry Spokesperson Guo Jiakun denied the NPA's allegations in a statement to the press on Thursday. "China firmly opposes and fights all forms of hacker attacks in accordance with law and opposes politicizing cybersecurity issues. This position is consistent and clear," Jiakun said.
"As many can see, the virtuality of cyberspace makes it difficult to trace the source of actions, and the actors in cyberspace are diverse. It is neither professional nor responsible for relevant Japanese institutions to make judgments based solely on the targets and methods of the hacking attacks," the spokesperson added.
The spokesperson also blamed "some allies of the US" as well as the US itself for "spreading disinformation" about China. "We hope that all parties will approach cybersecurity issues on the basis of facts, guided by international rules, and with objectivity, fairness, and professionalism rather than playing supporting roles in political stunts," Jiakun said.
Last week, the US sanctioned Chinese firm Integrity Tech for helping Flax Typhoon hackers conduct cyberattacks by facilitating a botnet of at least 260,000 compromised devices. And in December, the US Treasury Department said some of its computer systems and some unclassified documents were accessed by China-backed hackers, spurring the department to take its exposed systems offline.