Pierluigi Paganini May 19, 2025

Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to bolster defenses like major Western powers.

Japan has enacted the Active Cyberdefense Law, allowing preemptive offensive cyber operations to counter threats before damage occurs. This marks a shift from Japan’s pacifist stance under Article 9, aiming to elevate its cyber defense to match major Western powers and enable broader military support to allies.

The law allows government agencies to carry out hacking back operations, infiltrating and neutralizing infrastructure employed by threat actors to target the country and its organizations.

Japan’s new Active Cyberdefense Law also lets authorities preemptively target hostile infrastructure, even before attacks occur. It also enables Self-Defence Forces to aid allies and handle advanced cyber threats, reflecting a shift in the interpretation of Article 9 for national and allied security.

The Japanese government aims to make the new legal framework fully operational by 2027.

“The new law is intended to enable Japan to “identify and respond to cyber attacks more quickly and effectively” according to Yoshimasa Hayashi, Japan’s chief cabinet secretary, who added on Friday that it would help Tokyo “equal or exceed” the cyber capabilities “of major European countries and the US.”” reported The Record Media.

The Japanese government will monitor and analyze IP addresses involved in international communications passing through or to/from Japan. Domestic communications and message content, such as email bodies, are excluded from surveillance.

“A new independent panel will be set up to give prior approval for data acquisition and analysis, as well as for actions to neutralize hostile servers. It will also be tasked with ensuring that government surveillance is being properly conducted.” reported by Kyodo News. “In response to concerns from opposition parties over potential government overreach and violation of the constitutional right to secrecy of communications, the government revised legislation and stipulated specific provisions in the law to uphold personal rights.”

Japan remains a target for both financially motivated threat actors and APT groups.

In April 2025, Japan ’s Financial Services Agency (FSA) warned of hundreds of millions in unauthorized trades linked to hacked brokerage accounts.

In March 2025, a data breach suffered by the Japanese telecom giant NTT exposed information of nearly 18,000 corporate customers.

In December, a cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing on Thursday.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Japan)