Chinese Hacker Group Launches Major Cyber Espionage Campaign Against Japanese Government and Industry

Japan's National Police Agency has uncovered an extensive cyber espionage campaign targeting government agencies and private companies across the country. The attacks, attributed to a Chinese hacker group called Mirror Face, took place between 2019 and 2024, resulting in 210 documented security breaches.

The group, believed to have connections to China's Ministry of State Security through its ties with APT10, specifically targeted organizations handling sensitive security information. Among the victims were the Japan Aerospace Exploration Agency (JAXA), the Ministry of Foreign Affairs, and the Ministry of Defense, as well as serving politicians and lawmakers.

The hackers employed sophisticated email phishing campaigns, crafting messages with subject lines related to pressing geopolitical issues like U.S.-Japan relations, Taiwan Strait tensions, and the Russia-Ukraine conflict. When recipients opened infected email attachments, malware would compromise their systems, allowing attackers to extract confidential information.

Private sector companies in strategic industries, including information technology, communications, and semiconductors, were also targeted. JAXA reported a major data breach in 2023 as part of these attacks.

The National Police Agency's investigation revealed strong evidence of Chinese involvement through analysis of the malware used in the attacks. The Yomiuri Shimbun reported that the primary goal appeared to be stealing advanced technological information related to national security, semiconductors, and aerospace industries.

In response, Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has issued warnings about Mirror Face's activities. The scale and sophistication of these attacks highlight growing concerns about state-sponsored cyber espionage targeting Japan's critical infrastructure and sensitive technologies.

The systematic nature of the attacks, coupled with the strategic selection of targets, points to a coordinated effort to gather intelligence about Japan's technological capabilities and national security preparations. This campaign represents one of the most extensive documented cyber operations against Japanese interests in recent years.