A sophisticated Chinese hacker group has launched 210 cyberattacks against Japanese government institutions and private companies between 2019 and 2024, Japan's National Police Agency disclosed on Wednesday.
The group, known as Mirror Face, targeted multiple high-profile organizations including the Japan Aerospace Exploration Agency (JAXA), Ministry of Foreign Affairs, and Ministry of Defense. Intelligence reports suggest Mirror Face has direct links to APT10, a hacker group connected to China's Ministry of State Security.
The attackers specifically focused on departments handling sensitive security information and companies in strategic sectors like semiconductors, information technology, and communications. Current lawmakers and politicians were also among the targets.
The hackers employed carefully crafted email campaigns, using subject lines referencing major geopolitical issues such as U.S.-Japan relations, Taiwan Strait tensions, and the Russia-Ukraine conflict. When recipients opened infected email attachments, malware was deployed to extract confidential information.
JAXA reported a major data breach in 2023 as part of these ongoing attacks. After analyzing the malware used in these incidents, the National Police Agency found strong evidence pointing to Chinese involvement.
The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has issued warnings about Mirror Face's activities. According to reports, the primary goal appears to be stealing advanced technological information related to national security, semiconductors, and aerospace industries.
The timing and careful selection of targets indicate a coordinated campaign likely supported by the Chinese government, raising serious concerns about cybersecurity and data protection in Japan's public and private sectors.