The organisation responsible for Japan’s national defences against cyber attacks has itself been infiltrated by hackers, who may have gained access to sensitive data for as much as nine months.
According to three government and private sector sources familiar with the situation, Chinese state-backed hackers were believed to be behind the attack on Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), which began last autumn and was not detected until June.
The discovery of the incident and the sensitivity of the target comes at a time of unprecedented scrutiny of Japan’s vulnerability to cyber attack. Tokyo is embarking on deeper military co-operation with the US and regional allies, including work on a joint fighter project with the UK and Italy, in which top secret technological data will be exchanged.
Government cyber security experts in both the US and UK have expressed strong reservations about Japan’s ability to safely handle data.
This month the Washington Post reported the discovery of a massive attack on Japan’s defence networks by Chinese military hackers carried out in late 2020. In July, the port of Nagoya was temporarily closed down in what was believed to be a Russian ransomeware attack. But concerns have been raised at the highest levels in Tokyo over whether the incident was part of an attempt by state actors such as China to test Japan’s defences.
NISC announced in early August that some personal data linked to email exchanges between October last year and June this year may have leaked after its email system was hacked. The breach appeared to have been made via the email account of an individual staff member, NISC said.
NISC sent a series of emailed notices to private and governmental partners in Japan and overseas warning them that data might have been compromised. In the public statement, NISC said that following an investigation by outside specialists it had “just discovered that email data may have leaked outside” and that it had notified people who were involved in the email exchanges.
NISC is a unit that sits within the Cabinet Office in the top echelons of the Japanese government, and two people familiar with the attack said it had triggered an investigation into whether the access gained had allowed hackers to target other, highly sensitive servers within the same government building in central Tokyo.
An official at NISC said its investigation had concluded that only information on its email system was compromised. The official declined to comment on whether the system was believed to have been invaded by Chinese state-sponsored hackers.
One person familiar with the matter said the incident appeared to have had Chinese backing. “There is always a small element of doubt, but given the style of attack and the nature of the target itself, we can say with almost complete certainty that this originated with a state actor, and that the actor was most probably China,” the person said.
Another said they believed China was “without doubt” behind the attack.
China’s foreign affairs ministry dismissed claims that the country was behind the attack. It said the NISC statement did not mention China and urged Tokyo to look instead at the US, which it said was known for spying on allies.
“WikiLeaks previously disclosed that the US carried out cyber espionage against Japan, including cabinet members,” China’s foreign ministry said. “Could they [Japan’s cyber experts] be focusing their attention in the wrong direction?”
In 2015, the WikiLeaks website published documents allegedly showing the US spied on Japanese cabinet officials, banks and companies.
Efforts by Japan to bolster its powers to defend against cyber attacks have been constrained by a lack of personnel and digital expertise.
Government plans have focused on increasing the size and training facilities for the cyber unit that sits within Japan’s Self-Defense Forces. At the end of March, the group had just under 900 members, compared with the estimated 6,200 in its US counterpart and at least 30,000 in China.
Additional reporting by Kana Inagaki in Tokyo and Joe Leahy in Beijing
The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) in Japan, which is responsible for defending against cyber attacks, has been infiltrated by hackers. The attack, believed to be carried out by Chinese state-backed hackers, began last autumn and went undetected until June. This breach is particularly concerning as Japan is currently facing increased scrutiny regarding its vulnerability to cyber attacks. The country is engaging in deeper military cooperation with the US and other allies, including sharing top-secret technological data. However, cyber security experts in the US and UK have expressed reservations about Japan's ability to handle data securely.
In recent months, there have been other cyber attacks on Japan's defense networks, including a massive attack by Chinese military hackers in late 2020 and a ransomware attack believed to be carried out by Russia on the port of Nagoya. These incidents have raised concerns in Tokyo about potential attempts by state actors, such as China, to test Japan's defenses.
NISC recently announced that personal data linked to email exchanges between October 2020 and June 2021 may have been leaked after its email system was hacked. The breach appears to have occurred through the email account of a staff member. NISC has notified its partners in Japan and overseas about the potential compromise of data.
NISC is a unit within the Japanese government's Cabinet Office, and there are concerns that the hackers may have gained access to other sensitive servers within the same government building. However, NISC officials have stated that only information from their email system was compromised.
While China's foreign affairs ministry has dismissed claims of involvement in the attack, some individuals familiar with the matter believe that China is likely responsible. They cite the style of attack and the nature of the target as evidence. In response, China's foreign ministry suggested that Japan should focus on the US, which has been known to spy on its allies.
Japan has been working to strengthen its defenses against cyber attacks, but it faces challenges due to a lack of personnel and digital expertise. Efforts have focused on expanding the cyber unit within Japan's Self-Defense Forces, but it still lags behind its counterparts in the US and China in terms of size and capabilities.
