ANALYSIS: Chinese Hackers Breach Japan’s Classified Network, Target Multiple Nations

China currently poses the world’s most significant cyber threat, according to American cybersecurity authorities.
Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, Guangdong Province, China, on Aug. 4, 2020. (Nicolas Asfouri/AFP via Getty Images)
Sean Tseng
2/13/2024
Updated: 2/13/2024

Chinese hackers penetrated Japan’s national internal network system, used by diplomats to transmit confidential government documents, two years ago. The breach potentially exposed a vast amount of sensitive information. In response, Japan has joined forces with the United States to bolster its cyber defenses.

The incident is part of a broader pattern, with Chinese cyber operatives frequently targeting not only the United States but also the Netherlands, the Philippines, and other nations. According to American cybersecurity authorities, China currently poses the world’s most significant cyber threat.

On Feb. 5, officials from the Japanese government announced that the Ministry of Foreign Affairs’ internal secure network, responsible for handling diplomatic secrets, was compromised by cyberattacks attributed to the Chinese military.
During a press conference held on the same day, Yoshimasa Hayashi, the chief cabinet secretary of Japan, was questioned about a cyber intrusion into the Ministry of Foreign Affairs. He responded that the sensitive nature of the incident precluded him from commenting. Nevertheless, he said that, thus far, the Ministry of Foreign Affairs had not detected any breaches of information.
The cyberattack, which took place in 2020, was identified by the U.S. government, which immediately alerted Japan and advised it to implement countermeasures. This led to a comprehensive review and fortification of network systems across major Japanese government agencies.

The successful hacking of Japan’s highly secure internal network system, which operates as a closed circuit separate from the international internet, is exceptionally rare. The network, utilizing the “International IP Virtual Private Network” for encrypted communication, is crucial for conveying confidential information gathered by Japanese diplomats from foreign governments.

In the summer of 2020, the United States informed Japan of China’s intense scrutiny of the network connecting Japan’s overseas embassies. The exact nature of the information compromised and the method of detection of the cyberattack remain undisclosed. Nevertheless, it is suspected that communications between the Japanese Embassy in Beijing and the Japanese Ministry of Foreign Affairs were extensively accessed by Chinese hackers.

NSA Uncovers Extensive Chinese Cyber Espionage on Japan’s Defense Networks

The U.S. National Security Agency (NSA) has unearthed alarming activities by hacker groups affiliated with the Chinese military aimed at penetrating Japan’s secret defense networks. These cyber intrusions were focused on gathering detailed information about Japan’s military strategies, capabilities, and vulnerabilities. A former U.S. military officer characterized the gravity of these breaches as “shockingly bad,” while an NSA official labeled it “one of the most damaging hacks in that country’s modern history.”

In light of these grave discoveries, NSA director Paul Nakasone, alongside other American officials, urgently traveled to Japan for discussions with top Japanese government figures. The bilateral talks focused on devising strategies to address and secure against the vulnerabilities within the network systems of critical Japanese institutions, including the Ministry of Foreign Affairs, the Ministry of Defense, the National Police Agency, the Public Security Intelligence Agency, and the Cabinet Intelligence and Research Office.

Washington has voiced concerns over the potential spill-over effect of such breaches, fearing that American secrets intertwined with Japan’s security network could also be compromised. Consequently, the United States has urged Japan not only to share its improvements but also to persistently enhance its cyber defense mechanisms. In response to these developments, Japan has committed to a comprehensive overhaul of its cyber defenses to prevent similar incidents in the future.

In response to inquiries about these cybersecurity breaches, a spokesperson for the Chinese Ministry of Foreign Affairs claimed to be unaware of the allegations. This was later followed by official documents from China criticizing Japan.

The Philippines also reported thwarting an attempt by Chinese hackers to breach the website of the Philippine president and the government’s email system in January of this year. Jeffrey Ian Dy, the deputy minister of the Philippines’ Department of Information and Communications Technology, confirmed that the cyberattack originated from China.
Moreover, on Feb. 6, the Netherlands’ Military Intelligence and Security Service and the General Intelligence and Security Service reported that Dutch military networks were compromised by Chinese hackers in 2023. This incident was highlighted as part of a broader pattern of Chinese espionage activities targeting the Netherlands and its allies, underlining the global scope of China’s cyber espionage efforts.

FBI Director Highlights Chinese Cyber Threats to US Infrastructure

In a stark warning during his congressional testimony on Jan. 31, Christopher Wray, director of the Federal Bureau of Investigation (FBI), highlighted the ongoing cyber threats from Chinese government-supported hacker groups targeting critical American infrastructure. The threats encompass key sectors such as water treatment facilities, power grids, and transportation systems, with the potential to cause significant harm to U.S. citizens and communities if the Chinese government opts to activate these attacks.
FBI Director Christopher Wray testifies during a congressional hearing on the CCP Cyber Threat to the American Homeland and National Security in Washington, on January 31, 2024. (Photo by Julia Nikhinson/AFP via Getty Images)

This alert represents the most direct warning yet from the FBI director regarding the cyber threat posed by China to the United States, underscoring the severity and immediacy of the risk to national security.

In an operation that underscores the extent of the threat, the U.S. Department of Justice, in collaboration with the FBI, was able to neutralize the cyber operations of a Chinese hacker group known as “Volt Typhoon.” This group is part of a broader network focused on penetrating Western critical infrastructure, including naval facilities, internet service providers, and essential utilities such as water, electricity, and natural gas.

“Volt Typhoon” employs a strategy that exploits unsecured internet-connected devices worldwide, such as routers, modems, and cameras, to conceal its presence and gain control over these devices. The resulting network of compromised devices is then leveraged to launch attacks on more vulnerable and critical downstream targets.

Mr. Wray emphasized that Chinese hackers pose a daily threat to America’s economic security by stealing vast quantities of intellectual property and personal data. This cyber espionage significantly undermines U.S. technological and economic advancements.

The Epoch Times’ special publication “How the Specter of Communism Is Ruling Our World” further elaborates on the issue, uncovering the CCP’s engagement in extensive espionage to technologically outpace the United States.
The publication suggests that 90 percent of cyber espionage activities targeting the United States originate from China, with the CCP’s cyber infiltration efforts extending to major U.S. corporations and military establishments. This strategy aims to misappropriate technologies and knowledge that the CCP cannot independently develop, including advanced drone technology, which was reportedly stolen from the United States.

Cybersecurity Experts: China is the Premier Global Cyber Threat

In a comprehensive analysis by American cybersecurity experts in June 2021, it was revealed that China’s cyber threat capabilities have significantly and rapidly expanded over the last decade, positioning it as the foremost global cyber threat. The collaboration between the Chinese military and its Ministry of State Security plays a pivotal role in orchestrating cyberattacks, with cyber espionage emerging as a key instrument in China’s strategic rivalry with the United States.

The Insikt Group, a U.S. cybersecurity research firm, reported that the hacker group RedFoxtrot, linked to Chinese military intelligence operations in Urumqi, Xinjiang, is believed to be part of Unit 69010 of the Chinese military. The unit has been implicated in a series of cyberattacks aimed at Central Asian nations since 2014, which underscores its strategic importance to China’s cyber warfare efforts.

Unit 69010, considered a component of the Chinese military’s Strategic Support Force specializing in information and cyberspace warfare, has been instrumental in conducting cyber operations against critical infrastructures over the past decade, according to Morgan Wright, a former senior adviser to the U.S. State Department’s Antiterrorism Assistance Program.

China’s cyber warfare capabilities have evolved rapidly, boasting an estimated force of 25,000 military personnel divided among various units, including Unit 69010, which primarily targets countries in China’s vicinity.

James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies, highlighted that China has engaged in cyber espionage for two decades. In the initial years of widespread high-speed internet access, Chinese efforts to steal intellectual property were detected targeting U.S. government entities, the Department of Defense, and private sector companies.

China has also utilized cyber espionage to monitor and suppress Chinese human rights activists, a practice that continues today. This long-term engagement in cyber activities underscores China’s commitment to leveraging cyber espionage as a critical tool in its geopolitical and strategic ambitions.

Broader Context of Chinese Cyber Operations

In March 2021, the Chinese hacker group Hafnium conducted extensive cyber operations against the United States, compromising data and impacting as many as 250,000 entities, including government agencies, businesses, and educational institutions. This incident is part of a broader pattern of aggressive cyber activities by Chinese military-affiliated groups against foreign targets.

As far back as June 2014, an American cybersecurity firm identified Unit 61486 of the Chinese military based in Shanghai. This unit has been particularly focused on infiltrating government, defense, aerospace, and satellite organizations in the United States, Europe, and Japan through sophisticated cyber espionage campaigns.

Investigations by U.S. agencies have uncovered over 20 Chinese hacker groups, with a majority linked to the military, underscoring the state-sponsored nature of these cyber operations. The recent cyberattacks on Japan, while not explicitly attributed, bear the hallmarks of being orchestrated by such specialized military units, considering their strategic focus on key national sectors.

In a significant policy statement in June 2011, the U.S. Department of Defense declared that cyberattacks on critical U.S. infrastructure—such as nuclear facilities, transportation systems, and energy pipelines—that pose a risk to public safety could be deemed acts of war by a foreign military. This stance reflects the serious implications of cyber warfare on national security and international relations.
The Epoch Times’ special publication “How the Specter of Communism Is Ruling Our World” highlights the analysis of Michael Pillsbury, an esteemed American expert on China, who argues that the CCP harbors a long-term strategy aimed at undermining the U.S.-led global economic and political order. According to Mr. Pillsbury, the ultimate goal of the CCP is to achieve global dominance by the time it celebrates its centennial anniversary, leveraging various tactics, including cyber espionage, to fulfill this ambition.