Japan Police Warn of ‘BlackTech’ Chinese Hackers; Repeated Cyber-Attacks Against Japanese Companies

The Yomiuri Shimbun

13:25 JST, September 28, 2023

The National Police Agency said Wednesday that the cyber-attack group known as BlackTech, which is believed to be based in China, had repeatedly attacked Japan, the United States, Taiwan and other countries.

The Japanese government disclosed the name of group based on a method called “public attribution,” a technique used by the government for the sixth time. In public attribution, the name of the attacker, their purpose and other information are made public, because it is regarded as an effective tool to deter attacks.

According to the NPA, BlackTech has repeatedly targeted the media and telecommunication industries, among other sectors, of Japan and the United States since around 2010, seemingly in an attempt to steal information.

The Metropolitan Police Department’s Public Security Bureau and the NPA’s special investigation unit on cyber-attacks launched the investigation after being consulted by Japanese companies, and confirmed that the methods and the characteristics of the malicious program used by BlackTech, which had been confirmed by the U.S. authorities in their investigations, matched those of the attacks in Japan.

BlackTech’s main method of attack to target companies online is to log on to a company’s internal network from an overseas router before entering the system of their headquarters or another corporate bases to steal information. Since the hackers hijack routers and disguise their communications as legitimate ones, most victimized companies are said not to notice the damage until some time later.

Even routers at ordinary households are sometimes hijacked for this purpose.

“Attacks on Japanese entities are continuing. We advise the security of companies’ affiliates and overseas offices are enhanced, too,” a senior NPA official said.