By Tsuru Shingo, staff writer, and Sudo Tatsuya, senior staff writer
In connection with cyberattacks that targeted roughly 200 domestic organizations including the Japan Aerospace Exploration Agency (JAXA), it came to light that a person affiliated with the Chinese military was giving instructions to a Chinese student who was studying in Japan at the time to purchase security software manufactured by Japanese companies. The Public Safety Bureau of the Tokyo Metropolitan Police Department has questioned the former student. The bureau suspects that the Japanese software was sought after by a group of hackers close to the Chinese military to plan future attacks.
JAXA, as well as Mitsubishi Electric, Gifu Prefecture, and Keio University, were among those targeted by the cyberattacks. The hackers entered the organizations’ computer systems by manipulating personal financing management software that enabled users to access the organization’s internal system and spread malware.
In April, a file on a Chinese Communist Party member in his 30s was referred to the prosecutors’ office on suspicion of illegally creating and using electronic data after contracting with an internet server under a false identity. That server was subsequently used for the cyberattack. According to a person close to the investigation, the ex-student surfaced in the course of an investigation into another server that was also contracted under a false name and used for the attack.
The former student told the bureau that a woman living in China gave instructions about contracting with the server in 2016. At the woman’s direction, the student also attempted to purchase security software manufactured by a Japanese firm by sending an email under the guise of a company in the fall of 2016. The Japanese firm declined to do business, however, after finding out that the company name the student gave was not registered as a corporation.
The software was introduced to some Japanese government agencies. It is one of the few security software programs produced in Japan. “The hackers were likely seeking a means to get around the software’s security surveillance,” said one of the investigators. It is possible to determine which government agencies are using the software from public procurement records.
USBs were sent to Tsingtao
When the woman travelled to Japan for sightseeing, she was questioned by the Public Safety Bureau. She said she was introduced to the student by a common acquaintance and admitted to sending instructions using Chinese SNS. The bureau later found out that her husband is a member of the Chinese military.
Reportedly, the former student was neither a Chinese Communist Party member nor affiliated with the military, and the bureau has concluded that it is highly likely that the student was used as a tool to prevent officials who are in charge from being implicated. The student has since gone back to China, and the authorities have not pursued criminal charges.
The former student also admitted to having sent Japanese USB flash drives to Tsingtao, China, at the direction of the woman. The bureau has separately confirmed that the USB memory sticks purchased by the student at a major online shopping site were transferred to Tsingtao. The Chinese military operates one of its hubs for cyberattack operations in Tsingtao. However, so far no evidence has been found that connects the USB memory sticks and the series of cyberattacks.
Multiple security firms have pointed out that the cyberattacks suggested involvement of a hacker group called “Tick,” which has a relationship with the Chinese military. The Public Safety Bureau believes that the group planned to analyze the acquired USB memory sticks and software in order to find fresh targets against which to launch cyberattacks.