China’s MirrorFace Hacking Group Has Launched Over 200 Cyberattacks on Japanese Govt, Firms Since 2019, Says NPA

The Yomiuri Shimbun

15:30 JST, January 9, 2025

The Chinese hacking group MirrorFace has carried out 210 cyberattacks on Japanese government agencies and companies, among others, since 2019, in an apparent attempt to steal confidential information related to security and advanced technology, according to the National Police Agency.

The targets of the attacks include the Japan Aerospace Exploration Agency (JAXA), Liberal Democratic Party members in the Diet, the Foreign Ministry, the Defense Ministry and the National Security Secretariat, according to a government source.

MirrorFace is believed to be associated with APT10, a hacking group affiliated with China’s intelligence agency, the State Security Ministry.

Since December 2019, MirrorFace has sent targeted emails with attachments containing malware to 173 organizations and individuals, including government agencies, politicians, think tanks and media companies, the NPA announced Wednesday.

Hackers pretended to be experts or former executives of the targeted organizations, and hoping to catch people’s attention, they sent their malware-containing emails under such subject lines as “Taiwan Strait” or “Japan-U.S. alliance,” the police said.

The hackers have been trying since February 2023 to break into the networks of 37 companies and organizations in the semiconductor, electronic communications and aerospace industries, among others, by exploiting vulnerabilities in virtual private networks (VPNs).

In most of the attacks, there have been no confirmed leaks. Still, there have been cases in which information on individual terminals or organizational networks has been viewed or stolen.

The malware’s source code contained simplified Chinese characters used in China.

The NPA believes that the cyberattacks are a systematic operation that is likely linked to the Chinese government. As the cyberattacks are still ongoing, the NPA urges people to be careful with emails, and is also calling on companies to improve their monitoring of communication records.

In recent years, there have been a number of cyberattacks linked to nation states. The attacks on JAXA and other organizations in 2016 and 2017, and the attack on Mitsubishi Electric Corp. uncovered in 2020, are believed to have been carried out by a separate Chinese hacking group.

In May last year, a North Korean hacking group was involved in the theft of bitcoins worth ¥48.2 billion from a Japanese cryptocurrency exchange.

The government aims to introduce an active cyber defense to prevent cyberattacks on critical infrastructure and other targets, and it plans to submit a bill to the ordinary session of the Diet that will convene on Jan. 24.