The Japanese government issued a warning on Wednesday, saying a Chinese hacker group has targeted and compromised dozens of government agencies, companies and individuals in the country since 2019.
Japan's National Police Agency and the National Cybersecurity Incident Preparedness Strategy Center have attributed the years-long hacking incident to a group called MirrorFace.
According to a machine translation, authorities said in a warning: “The Mirrorface attack campaign is a coordinated cyberattack suspected to be linked to China, and is designed to steal information related to Japan's national security and advanced technology. “It is the main purpose.”
A longer version of the alert said targets included Japan's foreign ministry, defense ministry and space agency, as well as politicians, journalists, private companies and high-tech think tanks, according to the Associated Press.
In July 2024, Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) announced in a blog post that Mirror Face's “initial targets were the media, political groups, think tanks, and universities, but from 2023 onwards, it will target manufacturers and researchers. It has transitioned into an institution.”
In 2022, cybersecurity firm ESET published findings detailing a spear-phishing email campaign conducted by MirrorFace that targeted Japanese political groups and specific politicians ahead of the Japanese election. At the time, the company said MirrorFace did not appear to have any ties to other known Chinese government hacking groups.
Spear phishing is the same technique used by Mirrorface in the years-long campaign revealed on Wednesday. According to the alert, Mirrorface sent emails containing malicious attachments in three separate campaigns. The first targeted individuals working for think tanks, current and retired politicians, and journalists from 2019 to 2023. Another campaign, which has been running since 2023, targets internet-connected network devices used by companies in the “semiconductor, manufacturing, information and communications, academic, and aerospace sectors.” The third one will begin around June 2024 and will target “academics, think tanks, politicians, and the media” in Japan. According to machine translation of the document.
Japan, a longtime ally of the United States, has a pacifist constitution, which experts say contributes to the limits of Japan's capabilities in cyberspace. In 2023, the Washington Post reported that the US National Security Agency discovered that Chinese military hackers had penetrated some of Japan's most sensitive classified defense networks in 2020.