The Chinese hacker group “MirrorFace” carried out 210 cyberattacks from 2019 to 2024 on Japanese organizations with the aim of obtaining information related to the country’s national security and advanced technology, Japan’s National Police Agency said Wednesday.
The Japan Aerospace Exploration Agency, which disclosed in 2023 that it had suffered a data breach as the result of a cyberattack, was among the organizations targeted by the group, according to a source close to the matter.
The police agency suggested the possible involvement of the Chinese government based on the group’s attack methods and targets, which included government entities such as the Defense and Foreign ministries, think tanks, politicians, journalists, and private companies with advanced technology.
Investigations by the agency’s National Cyber Department and police nationwide found that the malware used by MirrorFace was similar to that employed by the “APT10 Group,” a hacker organization said to be associated with China’s Ministry of State Security.
The targets also aligned with China’s areas of interest and the attacks coincided with Chinese working hours, ceasing during the country’s long holidays, police noted.
According to the agency’s cyber department, MirrorFace sent emails to organizations and individuals from December 2019 to around July 2023 posing as associates. After exchanging several messages, the group would then send attachments containing malware, potentially enabling it to view data saved on the computer.
From June 2024, the group shifted to sending links in emails that prompted recipients to download files that, when opened, infected computers with malware. Such attacks are believed to be ongoing.
Research institutions and private companies possessing advanced technology in sectors such as semiconductors, information and communications, and aerospace were targeted between February and October 2023. The hackers exploited vulnerabilities in virtual private networks to infiltrate networks and enable unauthorized access.
The agency’s cyber department, while continuing its analysis to prove China’s involvement, plans to openly name and condemn responsible governments and organizations.