TOKYO — Revelations of cyberattacks targeting about 200 mainly aerospace companies in Japan show an intent to exploit software weaknesses before they could be fixed, with the apparent involvement of the Chinese military, according to authorities and cybersecurity experts.
Tokyo police on Tuesday referred an IT systems engineer to prosecutors on suspicion of taking part in the attacks, which had Japan’s space agency JAXA among the targets. The engineer, who already has left the country, is a man in his 30s and a member of China’s Communist Party, authorities said.
The hackers appear to have launched a so-called zero-day attack, in which vulnerabilities unknown to target companies are exploited. By conducting repeated attacks, the hackers analyze the target’s systems and then infect them with malware to steal information.
“Companies take such precautions as installing the latest security software, but the fact is that defending against these attacks isn’t easy,” said Hiroshi Takeuchi, a senior analyst at the Security Research Center at Macnica Networks.
The suspect worked at a Chinese state-owned telecom company and is believed to have been involved in cyberattacks against around 200 companies and research institutions between 2016 and 2018, authorities said. He is also suspected of sharing server and other information with a hacker group called Tick, which has ties to China’s security establishment.
Possible involvement by Tick was cited in a cyberattack against Mitsubishi Electric revealed last year. Japanese companies targeted in other attacks include NEC and Kobe Steel.
Tick reportedly is an advanced hacker group that develops its own malware. Its ability to find vulnerabilities in corporate security systems means that companies face the risk of hackers getting past their security software and equipment undetected.
Hisamitsu Arai, a former vice minister for international affairs at Japan’s Ministry of Economy, Trade and Industry, said Tokyo “lacks a sense of urgency” in confronting such threats.
“In the U.S., the military, police and security officials work together to detect attackers’ moves, and this information is shared with corporations and others to warn them,” Arai said.
“Authorities take a tough stance by identifying and pressing charges against Chinese, North Korean and Russian hackers.”
“Japan needs to quickly set up a framework in which the government and private sector cooperate to prevent cyberattacks and show the international community that it is serious about defense,” he added.