The weekly press conference of Japan’s National Public Security Council was a usual event, but recently it caused a stir in the global cybersecurity community after police chief Mitsuhiro Matsumoto officially confirmed that the Chinese Communist Party was responsible for cyber attacks in Japan.
Since then, Japan’s National Police Agency has received a flood of questions from foreign governments and media organizations asking questions related to the Chinese Communist Party’s cyberattacks.
Japan names Chinese Communist Party responsible for cyberattack for the first time
The Nikkei Asian Review reported on May 16 that two days before a press conference was held on April 22, the Japanese National Police Agency filed a lawsuit against a Chinese systems engineer, a member of the Communist Party, for his alleged involvement in cyber attacks against the Japan Aerospace Exploration Agency (JAXA) and 200 other Japanese companies and research institutions.
According to Tokyo police, the suspect, who has fled Japan, used a false identity to register a Web server in Japan for cyberattacks against JAXA.
Police Chief Matsumoto said during the meeting that a Chinese hacker group called Tick carried out the attacks. It is highly likely that Unit 61419 of the Chinese Communist Army was involved in cyber espionage.
Matsumoto said authorities are continuing their investigation.
“Nikkei” said this is the first time Japan has gone on the offensive, naming Beijing as the culprit of cyber attacks on the country.
In 2015, a cyber attack on Japan’s annuity institutions led to a massive information breach that compromised more than 1 million names and pension identification numbers, some accompanied by birth dates and addresses. The Tokyo Metropolitan Police Department investigated the attack, analyzing the malware used and where the data was sent. The investigation produced evidence that the attackers used a server in China. However, Tokyo did not claim that the attack was state-sponsored because there was no conclusive evidence that the Chinese Communist government was involved.
And with this attack on Japanese companies and research institutions such as JAXA, better evidence from Tokyo police gave the Japanese government license to accuse Beijing.
The culprit rarely admits to his actions. Beijing strongly denies Japan’s allegations of the JAXA cyberattack. Wang Wenbin, a spokesman for the Chinese Communist Party’s Foreign Ministry, said he firmly opposes any country or institution using allegations of cyberattacks to throw dirt on China (the Communist Party).
In an apparent response to Wang’s suggestion that the cyberattack investigation should be based on credible evidence, Matsumoto said his agency has evidence, including testimony from suspects and other interested parties.
“Nikkei” said Matsumoto’s words are likely a signal that a war of nerves is underway between Beijing and Tokyo. Beijing did not provide a further official response to the statement.
“The Role of “Cyberattack Attribution
The process of tracing and ultimately identifying the source of a cyber attack is called “cyber attribution. This is a complex and challenging task, especially when it comes to foreign governments. This task requires layers of technical and strategic investigation. This critical step involves the painstaking work of security analysts to gather fragmented evidence and establish a precise timeline.
While the chances of bringing to justice foreign hackers who are punishable overseas are slim, “cyberattack attribution” can serve to “name” and “shame” hackers for supporting governments in an effort to deter future cyberattacks. “in order to deter future cyber attacks, or to lay the legal foundation for sanctioning the alleged perpetrators.
“According to the Nikkei, “attribution” of cyberattacks carried out by a government usually attracts requests for more information from allies. This leads to better multinational cooperation, which enhances the collective ability to combat cyber attacks.
In response to the attack on JAXA in Japan, police first discovered a suspicious server and then began monitoring it, eventually detecting a cyberattack against JAXA. The police advised companies facing similar attacks to take defensive measures.