print PRINT

SECURITY > Cybersecurity

China possibly behind cyberattack on ex-Defense Ministry officials

  • April 12, 2018
  • , Sankei , p. 1
  • JMH Translation

Chinese hackers suspected of having been involved in the attack aimed at stealing information


Between late November last year and mid-March this year, emails with a virus-infected attachment were sent to former Defense Ministry officials and ocean policy officials from someone disguised as Cabinet Office and Defense Ministry officials, the Sankei Shimbun learned on April 11. Hundreds of such emails were confirmed, which were apparently sent by Chinese hackers. Those emails were designed to trick recipients into opening the attachment, and the virus in the attachment will infect their personal computers to steal information from them. Sources say some of the recipients opened the attachment and security-related classified information might have leaked.


This was disclosed by an investigation conducted by “LAC” (Tokyo), one of the largest security service providers in Japan. According to LAC, beginning late November last year, emails with a virus-infected attachment were sent to former Defense Ministry officials and other officials who were involved in drawing up the next-term Basic Plan on Ocean Policy for FY2018-22 including the enhancement of emergency security arrangements to defend territorial waters around the Senkaku Islands. Those emails were designed for recipients to open the attachment with the password given in the emails so that information stored in recipients’ personal computers could be automatically sent to the attacker, a LAC official says.


In order to lure recipients to open the attachment, the attacker employed sophisticated tricks such as using a real name in the email text. For example, in the email sent to a former Defense Ministry official in late November last year, the name of an incumbent Defense Ministry official was used, which was written in Japanese as follows: “This email is to inform you that information provided by the North Kanto Defense Bureau will be shared with you as needed.”


Another example is that in the email sent in mid-March this year to an official involved in the ocean policy, the real name of an incumbent official of the Cabinet Office National Ocean Policy Secretariat was used, according to LAC.


Although actual damage caused by information leaks has yet to be confirmed, LAC has found out that multiple recipients opened file attachment.


An official of the Cybersecurity Policy Office of the Information and Communication Division of the Bureau of Defense Buildup and Planning of the Defense Ministry disclosed, “We have gotten hold of information on the incident and already taken necessary countermeasures.” An official of the Cabinet Office Minister’s Secretariat cybersecurity information promotion office also said, “We have obtained information on the incident.”


In the meantime, LAC analyzed on its own malware (an unlawful program) used in the cyberattack. As a result, LAC discovered that “APT-10,” a group of Chinese hackers backed by the Chinese government, seems to have been involved in the cyberattack.


Masatoshi Sato, the chief of LAC’s national security research institute, pointed out, “As part of its cyber strategy, the Chinese government attaches importance to obtaining information on national security.”

  • Ambassador
  • Ukraine
  • COVID-19
  • Trending Japan