Security Breach at Japan’s Cyber Security Agency May Have Been the Work of Chinese Hackers

Sources speaking to the Financial Times, under condition of anonymity, are blaming a long-term breach of Japan’s national cyber security agency on state-backed Chinese hackers. The security breach occurred in October 2022 and was disclosed in August of this year.

The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has not yet attributed the attack to anyone. The Financial Times sources include three highly placed government and private sector representatives familiar with the investigation. This follows an early August report from the Washington Post, drawing on similar anonymous sources, that claimed China’s state-backed hackers penetrated the country’s defense network in a 2020 security breach and dwelled there for years.

Japan’s cyber security agency being “tested” by China

The Financial Times sources say that China’s hackers are systematically testing Japan’s defenses and the cyber security agency’s capability, and that the campaign includes an early July attack on the Port of Nagoya that had previously been attributed to the Lockbit ransomware group. That attack forced a suspension of operations at the port for about two days, backing up cargo due to the shutdown of systems needed to operate the terminals.

Though NISC has not made a public attribution in the attack on the cyber security agency, it responded to the Financial Times report by saying that the incident was limited to a breach of the agency’s email system. NISC had previously disclosed in early August that personal data sent in emails may have been compromised in the security breach, and that this information may be used in targeted phishing and social engineering attempts conducted by phone or email.

The security breach reportedly began in October, but the cyber security agency did not discover it until this past June. It is unclear if this was another case of the NSA or some other foreign source first finding evidence of the breach and tipping off Japanese officials, as was indicated in the Washington Post report.

The issue has cropped up at a very sensitive and difficult time. Amidst the tensions over Taiwan, intelligence sharing between the US and Japan is particularly critical. The prior Washington Post report indicated that the US might have to re-evaluate what it shares with its biggest military partner in the region given the seriousness of these security breaches and the extended dwell times the Chinese hackers enjoyed. Japan appears to be responding to these concerns, announcing that it is adding 4,000 new staff members to the cyber security agency and boosting the budget by 1,000% over the next five years. The unit presently has about 900 members; by comparison, US cyber defense fields a staff of over 6,000.

Repeated security breaches strain foreign relationships

Though the anonymous sources indicate that the US may be reconsidering how it shares information with Japan’s cyber security agency, in public the two countries (along with South Korea) have recently reaffirmed their mutual defense commitment in the Indo-Pacific region. This involves not just potential Chinese aggression in the area, but also the missile program of North Korea and its own ventures in aggressive hacking and money laundering. North Korea has its own extremely active state-backed hacking program, one that does not hesitate to steal money as a means of funding the regime.

Japan’s cyber security agency is hardly the only focus of China’s state-backed hackers as of late. In July, Microsoft disclosed that these hackers broke into both the US State and Commerce Departments (among numerous other federal and local agencies) and rifled through email accounts, though a government spokesperson has said that this was limited to non-classified Outlook accounts. Another report (also backed by anonymous official sources) from the same period found that Chinese hackers have seeded malware throughout US defense networks in a wide-ranging security breach. China is thought to have done something similar in Mumbai in October of 2020, temporarily cutting off power to the city as the two countries engaged in a border skirmish in the Himalayas. A similar attack in Ladakh in 2022 was also attributed to China by investigating security firms.

China’s hackers have also been historically unafraid to target private companies in other countries for intelligence purposes or theft of intellectual property. Two of the biggest security breaches of the past decade, the Equifax 2017 data breach that exposed the credit reports of nearly half of the US population and the 2018 breach of Marriott’s Starwood reservations system, have both been attributed to Chinese hackers by various sources. And a 2022 report highlighting China’s APT41 threat group found that the hackers likely stole trillions of dollars’ worth of intellectual property from about 30 multinational companies in assorted industries from 2019 to 2021.