Japan Links 200 Cyberattacks To Chinese Hackers MirrorFace

Japanese officials have linked a Chinese hacking group to hundreds of cyberattacks, and stressed the need to bolster cyber defences.

The Associated Press reported that Japan on Wednesday linked more than 200 cyberattacks over the past five years targeting the country’s national security and high technology data, to a Chinese hacking group, MirrorFace.

Only last month in December 2024, Japan Airlines blamed an hours-long disruption to its systems in the midst of the end-of-year travel rush on a cyberattack. It said there was no impact on flight safety, and no customer data was compromised.

Chinese hackers

Also in 2024, a cyberattack paralysed operations at a container terminal at a Japanese port in the city of Nagoya for three days.

In November 2023 the Japanese government said the Japan Aerospace Exploration Agency (JAXA) had been hacked, but no sensitive data on rockets or satellites was compromised.

In late 2020 a cyberattack took down the official website of the Japanese nuclear regulator (Nuclear Regulation Authority or NRA) for a number of hours.

Now Japan’s National Police Agency (NPA) said its analysis on the targets, methods and infrastructure of the cyberattacks by MirrorFace from 2019 to 2024 concluded they were systematic attacks linked to China with an aim of stealing data on Japanese national security and advanced technology.

Japan reportedly noted that the targets of the Chinese government-led cyberattacks included Japan’s Foreign and Defence ministries, the country’s space agency and individuals including politicians, journalists, private companies and think tanks related to advanced technology, the NPA said.

The AP reported that experts have repeatedly raised concerns about Japan’s cybersecurity protections and the vulnerability of its infrastructure.

In November 2021 the country’s then Prime Minister Shinzo Abe had welcomed the creation of the AUKUS security pact between Australia, the UK and US, and stated that Japan should seek to work with AUKUS members on cybersecurity, artificial intelligence, and quantum computing.

MirrorFace tactics

The Associated Press reported that the NPA investigation had found that MirrorFace sent emails with attachments (often from Gmail and Microsoft Outlook addresses using stolen identities) containing malware to targeted organisations and individuals to view data saved on computers mainly from December 2019 to July 2023.

The emails typically used as subjects key words such as “Japan-US alliance,” “Taiwan Strait,” “Russia-Ukraine war” and “free and open Indo-Pacific,” and included an invitation for a study panel, references and a list of panellists, the NPA reportedly said.

In another tactic, the hackers targeted Japanese organisations in areas of aerospace, semiconductors, information and communications from February to October 2023 by exploiting vulnerabilities in virtual private networks to gain unauthorised access to information.

Japan’s NPA reportedly called on calling on government departments, agencies and businesses to reinforce preventive measures.