JAXA among 200 Japanese entities cyber-attacked; Chinese military suspected

REUTERS/Kacper Pempel/Illustration
A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017.

A group of hackers thought to be directed by the Chinese military is suspected of conducting cyber-attacks on about 200 Japanese research institutions, universities and companies — including the Japan Aerospace Exploration Agency (JAXA) and firms in the defense and aviation industries — police investigative sources have said.

The Metropolitan Police Department’s Public Security Bureau found that a member of the Chinese Communist Party in his 30s used false names to rent servers identified to have been used for cyber-attacks.

China has been implicated in cyber-attacks on defense-related companies, but it is unusual for a person involved to be identified. The bureau believes that important information was targeted.

According to the investigative sources, the man is a systems engineer living in China. He is suspected of renting servers in Japan under false names five times in 2016 and 2017 via the internet.

When questioned by the police during a visit to Japan, the man admitted to using a false name to rent servers and said that he had sold the server IDs and passwords to earn money.

The MPD launched an investigation against a series of cyber-attacks in 2016 and 2017 that targeted JAXA, IHI Corp. and others. The police identified servers used in the attacks and found that they had been used by two Chinese people, including the man, who rented them multiple times under false names and provided information to a Chinese hacker group called Tick.

The rental servers seem to have been exploited as a stepping-stone to hide the source of the attacks.

The other person of interest is an exchange student, who is believed to have received instructions from a member of unit 61419, a cyber-attack taskforce within the Chinese military, according to the sources.

The two have already left Japan. The Public Security Bureau sent papers Tuesday regarding one of them — the Communist Party member — to the Tokyo District Public Prosecutors Office on suspicion of illegally creating and using private electromagnetic records. The man is said to be working for a major Chinese telecom company.

Tick is believed to be a group of hackers primarily targeting classified defense information in Japan and South Korea by such means as introducing viruses into systems found vulnerable.

The police think the Chinese military’s unit 61419 is behind a series of cyber-attacks on Japanese defense-related companies. They are identifying the damage suffered by targeted institutes, universities and firms and alerting them to the situation.

A JAXA spokesperson told The Yomiuri Shimbun, “It’s true that we were subject to illicit connections, but there was no information theft or other harm.”