Katsunobu Katō, the Chief Cabinet Secretary of Japan, has held a press conference where he informed the public about continuous cyber-attacks against the country’s space agency (JAXA) and at least another 200 entities engaging in aerospace engineering and military systems development. The finger was pointed to Chinese hackers, and more specifically to groups that are supported and obviously directed by the Chinese Communist Party.
Tokyo’s Metropolitan Police claims to have already identified a Chinese national who is reportedly working for a state-owned telecommunications service provider. The person visited Japan in the past in the context of an exchange student program, and together with one more individual, they launched cyber-attacks between 2016 and 2018.
One of the most prominent targets of the hackers, who are believed to be members of Unit 61419 (aka “Tick”), was JAXA - but according to Katō, no data was ever exfiltrated, so the attacks weren’t successful. The same applies to the other targeted entities, which were reportedly warned of the ongoing campaigns and aided in applying countermeasures in time.
This is a weird time to report on a cyber-attack that happened three years back and allegedly didn’t yield any results. The Chinese foreign ministry shared the same view, denying any involvement in the claimed cyber-attacks and accusing Japan of “throwing mud” at them.
Indeed, the relations between the two countries aren’t going through the best of times, with the Japanese increasingly adopting a US-directed anti-China agenda. Beijing views this as a betrayal of the region's interests in general, and diplomatic relations between the two countries are getting increasingly colder.
However, that is not to say that Chinese hackers aren’t really targeting Japanese entities. Back in May 2020, we reported a cyber intrusion into Mitsubishi Electric, in which the hackers robbed valuable missile system details. The firm’s investigators attributed the attacks to “Tick” and “Black Tech,” both Chinese hacking groups.
Later, in November 2020, a Symantec report presented a massive-scale campaign orchestrated by the APT10 (aka “Cicada”), also known as “Stone Panda” and “Cloud Hopper,” which is again a Chinese group of hackers. The industry fields targeted by Cicada back then included pharma, electronics, engineering, automotive, and government agencies.