Japan Under Cyber Attack: Who and Why?

Japan is currently facing cyber attacks from multiple attackers with both spy and financial motivations, according to a new report by Rapid7.

The report reveals that three out of the four countries that are typically sources of state-sponsored threats are specifically targeting Japan. These countries are China, North Korea, and Vietnam.

Furthermore, the report highlights that the production industry in Japan has reported 32.5% of all cases of extortion using specialized software in the first half of 2022. This is a significant increase compared to the 7.9% reported in the same period last year.

Paul Prudom, the head of the threat consulting department at Rapid7, explains that Japanese production organizations are particularly vulnerable to cyber attacks for two main reasons. Firstly, their close connections with global suppliers make them attractive targets. Secondly, their real-time production practices leave them with little room for error, making their processes highly vulnerable.

The report also uncovers that many well-known Japanese companies have a global presence and recognizable brands, particularly in the production, automotive, and technology sectors. Often, the compromise of these Japanese parent companies occurs due to vulnerabilities in their foreign subsidiaries or affiliated companies.

One such example is Panasonic, where its Indian unit experienced a data breach demanding ransom in October 2020, followed by hackers targeting its Canadian unit in February 2022. Both attacks had ramifications on the parent company.

Chinese-associated groups have employed similar tactics, targeting a wide range of industries. A subgroup of the Chinese APT10 known as Earth Tengshe or Bronze Riverside, for instance, focused on accessing foreign subsidiaries and suppliers of Japanese production, engineering, electronic, automobile, energy, and technological companies. Their objective was to gain access to the parent companies based in Japan.

Vietnam has also been involved in attacks on Japanese companies. The state-sponsored APT32 group, also known as Oceanlotus, has shown a particular interest in foreign competitors within the emerging Vietnamese automotive industry.

In 2019, an anonymous representative from one of the largest Japanese car manufacturers confirmed that APT32 had targeted the company and its foreign operations. Security researchers discovered that APT32 had created fake domains to mimic the legitimate infrastructure of the automotive manufacturer as a vector for their attack.

/Reports, release notes, official announcements.