Chinese Military Seen Behind Japan Cyber-Attacks, NHK Says
A lock screen from a cyber attack warns that data files have been encrypted on a laptop. (Photographer: Simon Dawson/Bloomberg)

Chinese Military Seen Behind Japan Cyber-Attacks, NHK Says

China’s military is thought to have instructed a hacker group to conduct cyber-attacks on nearly 200 Japanese research institutions and firms, public broadcaster NHK reported, citing unidentified people in a police investigation.

The investigators found a member of China’s Communist Party made contracts under a false name for rental servers in Japan that were used in the attacks on the Japanese space agency JAXA in 2016, the broadcaster said Tuesday.

Investigators believe the cyber-attacks were carried out by a group known as Tick under the instruction of the People’s Liberation Army. Two men involved with contracts for the servers have left Japan, NHK said.

The cybersecurity firm FireEye Inc., which characterizes Tick as a suspected Chinese espionage group with attacks dating to at least 2009, has seen it target hundreds of Japanese organizations. These include research institutions and government agencies, said John Hultquist, vice president of intelligence analysis at the firm.

Ben Read, a director of analysis at FireEye, said Tick has a primary focus on industries within the Asia-Pacific region that “make significant investments into research and development, offering the opportunity for theft of sensitive intellectual property, to include organizations in defense, heavy industry, aerospace, technology, banking, health care, automotive and media industries.”

In addition, the cybersecurity firm ESET documented that Tick conducted a hack in late February in which the group used a flaw in Microsoft Corp.’s Exchange software for email, which was patched days later, to target an IT company in East Asia.

In the recently reported incident, a Chinese systems engineer in his 30s, who is a Chinese Communist Party member, was referred to prosecutors over his alleged involvement in the attacks, according to Kyodo News, which cited unnamed investigative sources.

The reported allegations, the latest in a series of similar incidents, come amid increasingly difficult relations between Japan and its biggest trading partner. The topic of ties with China dominated the agenda at Prime Minister Yoshihide Suga’s summit with U.S. President Joe Biden in Washington last week.

Japan’s Chief Cabinet Secretary Katsunobu Kato declined to comment on the investigation. He told a regular news briefing Tuesday cyber-attacks on infrastructure were becoming more organized and the government saw responding to such incidents as an important issue.

Responding to a question on the NHK report about the alleged suspect at a regular news briefing in Beijing, Chinese Foreign Ministry spokesman Wang Wenbin said he wasn’t aware of the case. Wang later added cyberspace is made up of many actors whose origins are difficult to trace and warned against making accusations in cybersecurity cases.

“In designating an incident, there must be ample evidence. It cannot be based on presumption,” he said. “We are against other countries smearing us on cybersecurity or using this issue to serve its despicable political agenda.”

Cyber-attacks are a common threat to all countries and China too was a victim, he added.

A JAXA spokesperson confirmed it was the subject of an unauthorized access that seemed to be a cyber-attack, but suffered no damage, according to NHK. Japan has been seeking to beef up its cyber defenses in recent months.

©2021 Bloomberg L.P.

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.