The Japanese government published an alert on Wednesday accusing a Chinese hacking group of targeting and hacking dozens of government organizations, companies, and individuals in the country since 2019.
Japan’s National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity attributed the years-long hacking spree to a group called MirrorFace.
“The MirrorFace attack campaign is an organized cyber attack suspected to be linked to China, with the primary objective of stealing information related to Japan’s national security and advanced technology,” the authorities wrote in the alert, according to a machine translation.
A longer version of the alert said the targets included Japan’s Foreign and Defense ministries, the country’s space agency, as well as politicians, journalists, private companies and tech think tanks, according to the Associated Press.
In July 2024 Japan’s Computer Emergency Response Team Coordination Center (JPCERT/CC) wrote in a blog post that MirrorFace’s “targets were initially media, political organisations, think tanks and universities, but it has shifted to manufacturers and research institutions since 2023.”
In 2022, cybersecurity firm ESET published research detailing a spearfishing email campaign carried out by MirrorFace that targeted Japanese political entities and specific politicians ahead of elections in the country. At the time, the company said MirrorFace does not appear to be linked to other known Chinese government hacking groups.
Spearphishing is the same technique used by MirrorFace in the years-long campaign revealed on Wednesday. The alert said MirrorFace sent emails containing malicious attachments in three separate campaigns: one from 2019 to 2023 targeting individuals working for think tanks, active and retired politicians, and journalists; another campaign operating since 2023 targeting internet-connected network devices used in companies in the “semiconductor, manufacturing, information and communications, academic, and aerospace sectors;” and a third starting around June 2024 that targeted “academics, think tanks, politicians, and the media” in Japan; according to a machine translation of the document.
Japan, a long-time ally of the United States, has a pacifist constitution, which experts argue has contributed to its limited capabilities in cyberspace. In 2023, The Washington Post reported that the U.S. National Security Agency discovered in 2020 that Chinese military hackers had compromised some of the most sensitive classified defense networks in Japan.
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact Lorenzo securely on Signal at +1 917 257 1382, on Keybase/Telegram @lorenzofb, or via email at lorenzo@techcrunch.com.
Subscribe for the industry’s biggest tech news