Japan’s Aerospace Exploration Agency (JAXA) was recently hit by a cyberattack. The incident was announced in a statement by a government representative during a briefing on 29th November. Sources within JAXA confirmed that the attack targeted the agency’s network server to invade its mission-critical system.
The threat actors behind the incident are yet to claim responsibility. JAXA refused to elaborate on details of the attack. However, it assured that no sensitive information regarding rocket and satellite operations has been exfiltrated thus far.
There has been no official update on the date of the cyberattack. But, sources indicated that the agency’s system was likely hacked during the summer. JAXA was made aware of the incident only when law enforcement reached out this autumn.
As soon as it was made aware of the incident, JAXA reported it to the ministry. It also disconnected its internal system from external networks.
The Japan News is a leading Japanese media outlet that first reported on the incident. Citing sources from JAXA, it indicated that the agency’s central Active Directory server was illegally accessed in the attack. Central Active Directory manages JAXA’s mission-critical data, such as passwords, staff IDs, and viewing privileges.
The specific techniques and strategies employed by hackers to access the agency’s highly confidential system are yet to be disclosed. However, JAXA sources and officials of the science and technology ministry suggested that a vulnerability disclosed by a network equipment manufacturer in June this year might have been exploited and used as the attack vector to gain unauthorised access to JAXA’s network.
This is not the only incident to rock the cybersecurity landscape of Japan’s leading organisations. Recently, manufacturing giant Japan Aviation Electronics (JAE) was hit by a cyberattack that impacted its workflow. The attack forced the organisation, which has revenue of more than a billion dollars, to shut down its official website.
“We are currently investigating the status of damage and restoring operations, but some systems have been suspended and there have been some delays in sending and receiving e-mails,” said JAE.
The attack was executed by a ransomware gang called ALPHV (also known as BlackCat). It listed JAE as a victim on its dark web blog. However, the cybercriminals haven’t yet disclosed the type of data they have accessed or exfiltrated.
According to JAE, even though the cyber-attackers gained unauthorised access to some of its servers, no sensitive information has been stolen thus far. The organisation avoided offering in-depth insight into the incident. However, it confirmed that JAE had already rolled out an investigation to avoid any serious repercussions.
The number of cyber incidents in the country is surging as threat actors target vulnerabilities to exploit weak cybersecurity defences. In the first half of 2022, Japan faced over 114 ransomware attacks. That’s an increase of 87% from the year before, according to the National Police Agency.
The increasing invasion of cyberspace by cybercriminals has left Japan scrambling to augment its cybersecurity efforts. Unfortunately, it’s not an issue that’s limited to that country. As businesses around the world move to the cloud, they become more vulnerable to attacks.
To strengthen their cybersecurity posture, organisations can leverage high-end penetration testing services such as those offered by Rootshell Security. The rigorous and detailed approaches employed during penetration testing help uncover critical vulnerabilities and remedy them before they are exploited.
Sohela is an electrical engineer and a self-professed writer with a keen interest in all things tech. When she’s not writing killer content pieces, you’ll find her enjoying tempting foods in her favourite restaurants.
