SIM REPORT: Northeast Asia, Issue 8

Japan: Cybersecurity initiative spearheading efforts on multilateral cooperation in growing threat landscape

Japan is preparing to take an unprecedented step to lead a multinational cyber-defence exercise this upcoming autumn, according to the Nikkei Asian Review. More than 20 foreign governments will participate, including 10 from the Association of Southeast Asian Nations, the US, UK and France, among others. The exercise will mainly simulate cyber-attacks to national critical infrastructure from varying threat actors and vectors, and it is occurring in the context of continually evolving threats from numerous state- and non-state sponsored actors. For Japan, the top cybersecurity threat arguably emanates from China, followed by North Korea. 

Earlier this year, the Defence Ministry acknowledged that Japanese companies with ties to the defence sector, such as Nippon Electric Company (NEC), Mitsubishi Electric, Kobe Steel Ltd and Pasco Corp, were hacked by Advanced Persistent Threat 10 or APT 10 group from China. These attacks spanned over ‘several years’ up until 2018 in the case of NEC, and between 2016 and 2020 for the other companies, who had sensitive defence-related and human resources data stolen by APT 10. 

Recently reported cyber incidents include: 

• DoppelPaymer ransomware attack on Vuteq Corporation, Daisho Company and Asunaro Aoko Construction Company 

• RansomEXX ransomware attack on business technology firm Konica Minolta 

• Maze ransomware attack on optical imagery company Canon 

• MoqHao Android malware impersonated Mizhuho Bank app 

• North Korean APT, Lazarus group, infiltrated Japanese software development and e-commerce firms 

• A threat actor offered to sell around 150,000 entries of customer records stolen from the database of Fujifilm Medical Japan System 

(Incident attack data sourced from Cyjax Ltd)

As Japan was set to host the 2020 Summer Olympics and Paralympic Games (now postponed to 2021) in Tokyo before the coronavirus pandemic, the government had been paying an increasing amount of attention to cyber threats, especially those against financial institutions. In September 2019, the Bank of Japan conducted a survey of 402 financial firms that revealed that 40 per cent of them had been attacked and 10 per cent suffered business disruption. More than 70 per cent were concerned about the growing threat landscape, but only 40 per cent of companies did not have dedicated in-house cybersecurity functions. 

More recently during the coronavirus (COVID-19) pandemic, there has been a significant upswing in attacks from China, including those targeting research institutions and pharmaceutical companies developing COVID-19 vaccines. In July, two ‘private’ China-based threat actors, alleged to have received support from the Chinese Ministry of State Security (MSS), were indicted on charges of cyberespionage. They had targeted firms based in the US, UK, Germany, Belgium, Lithuania, Netherlands, Spain, Sweden and Japan, among others. 

These semi-independent actors undoubtedly complicate the threat in cyberspace, but their operations seemingly fulfil a form of ‘ad-hocracy’ that advances the agenda of the state. In general, these ‘patriotic attackers’ are unlikely to have any direct ties to the state nor will there likely be evidence linking them, affording that state better plausible deniability. 

Cyber-conflict and crimes are pervasive threats and are becoming more influential in shaping geopolitics, elevating tensions among different governments while disrupting operations for organisations. It is becoming increasingly challenging for governments and the private sector to keep pace with threats that are rapidly evolving and becoming more hazardous. Recent attacks against Japanese companies are a sample of the variety of targets that are touchable in a digitally-connected space, and their respective utilities as a weapon in geopolitical rivalries portends to an increasingly hazardous operational environment.  


Japan & South Korea: Despite appeal, continued possibility of asset seizure threatens to fray bilateral relations and intensify trade dispute