The National Police Agency of Japan has attributed over 200 cyberattacks in the past five years to the Chinese hacker group MirrorFace. These attacks, targeting national security and cutting-edge technological data, were carried out between 2019 and 2024.
According to police reports, the hackers targeted the Ministries of Foreign Affairs and Defense, the Japan Aerospace Exploration Agency (JAXA), as well as politicians, journalists, private companies, and think tanks involved in advanced technologies. MirrorFace’s primary objective was the theft of data related to national security and high technology.
To execute their attacks, the group employed phishing emails containing malicious attachments, sent via Gmail and Microsoft Outlook using stolen accounts. The emails were crafted around globally relevant topics such as the “Japan-U.S. alliance,” “Ukraine,” and the “Free and Open Indo-Pacific region.” The hackers also exploited vulnerabilities in virtual private networks (VPNs) to gain unauthorized access.
One notable target was JAXA, where several hacking attempts were recorded starting in 2023. Despite these efforts, no confidential data on rockets or satellites was compromised. The agency continues to strengthen its cybersecurity measures.
Japanese organizations have long been frequent targets of cyberattacks. In July 2023, hackers disrupted operations at a container terminal in the Port of Nagoya. Later, at the end of 2024, Japan Airlines suffered a cyberattack that paralyzed its systems, leading to the cancellation of more than 20 flights. While the airline swiftly restored its systems and mitigated the impact, the growing frequency of such incidents is concerning.
Experts emphasize the urgent need for Japan to bolster its cybersecurity defenses, particularly as the nation enhances its defense capabilities and deepens its alliance with the United States.
