The National Police Agency (NPA) of Japan has identified over 200 cyberattacks in the past five years that have been linked to the Chinese state-affiliated hacking group known as “MirrorFace.” These cyberattacks were primarily aimed at gathering national security and technology information, indicating that they were part of espionage-related activities. MirrorFace specifically targeted Japanese politicians, journalists, as well as the defense and foreign ministries in their attacks.
One of the common tactics used by the hackers from MirrorFace included email phishing attacks, where compromised email addresses were used to send malware disguised as invitations to potential victims. The subject lines of these emails were carefully crafted to attract the recipients’ attention, with topics such as “Russia-Ukraine war,” “free and open Indo-Pacific,” “Japan-US Alliance,” and “Taiwan Strait” being utilized.
In addition to email phishing, MirrorFace hackers also took advantage of vulnerabilities in Virtual Private Network (VPN) services to target Japanese aerospace institutions and semiconductor firms. By exploiting these flaws, the hackers were able to gain unauthorized access to private information within these organizations. Notably, the Japan Aerospace and Exploration Agency (JAXA) was among the targets of MirrorFace’s VPN-related cyberattacks. Approximately 207 staff members at JAXA had their Microsoft 365 cloud accounts compromised, including top executives like President Hiroshi Yamakawa.
Yamakawa addressed the cyberattack in a press release, stating that the hackers exploited a vulnerability in the VPN to gain initial access to JAXA’s internal servers and computers. This unauthorized access was then used to steal user account information and gain illegitimate access to the information stored on JAXA’s Microsoft 365 service. While some information managed by JAXA was compromised as a result of the cyberattack, sensitive data related to rockets, satellites, and defense systems remained secure.
In response to the NPA’s allegations, China’s Foreign Ministry Spokesperson Guo Jiakun denied any involvement in the cyberattacks attributed to MirrorFace. Jiakun emphasized China’s opposition to all forms of hacker attacks and urged for cybersecurity issues to be addressed based on facts and international rules rather than politicizing the situation. The spokesperson also criticized certain allies of the US and the US itself for allegedly spreading misinformation about China’s involvement in cyberattacks.
Recent actions by the US, such as sanctioning Chinese firm Integrity Tech for assisting Flax Typhoon hackers in conducting cyberattacks, have further exacerbated tensions surrounding cybersecurity issues. Additionally, the US Treasury Department reported unauthorized access to some of its computer systems and unclassified documents by China-backed hackers, prompting the department to take precautionary measures by temporarily shutting down exposed systems.
As the complexities of cybersecurity threats continue to evolve, it is evident that global cooperation and adherence to established norms and rules are essential in addressing these challenges. The ongoing dialogue between nations and cybersecurity experts remains crucial in mitigating the risks posed by state-affiliated hacking groups like MirrorFace and ensuring the security of critical information systems and infrastructure.