Pierluigi Paganini November 28, 2016

The Japanese Government is investigating a reported security breach suffered by the High-speed Defence Information Infrastructure (DII) network.

The Defence Information Infrastructure is a high-speed large-capacity communication network connecting SDF bases and camps. The Defence Information Infrastructure comprises two distinct networks, one connected to the Internet and an internal network.

The security breach took place in September but media have disclosed it only now, the South China Morning Post reported that the attack was confirmed by unnamed ministry officials on Sunday morning.

According to the SCMP hacker penetrated the Ground Self-Defence Force. The hackers first breached a network shared between Japan’s National Defence Academy and its National Defence Medical College, then with a later movement, they got access to the Defence Information Infrastructure network.

“The Japanese Defence Ministry and the Self-Defence Forces discovered in September that their shared communication network had suffered a cyberattack that enabled a hacker to penetrate the Ground Self-Defense Force’s computer system, ministry sources said on Sunday.” reported the South China Morning Post.

“Some information may have been leaked in the incident, with an organised attacker such as a nation state strongly suspected, but the full scope of the damage is not clear, the sources said.”

New SDF unit – The Japan Times

How is it possible?

Bloomberg quoted Kyodo news that citing ministry sources in an earlier report, explained the hackers took advantage of the fact that computers at Japan’s National Defense Academy and National Defense Medical College are connected both to a university network and to an internal network linking military bases.

The news was reported by Bloomberg who linked the attack to a nation-state actor due to the complexity of the attack and the nature of the target,

The South China Morning Post reports of a highly skilled attack that leads the ministry immediately raise the cybersecurity alert level in the country.

Masakazu Saito, a senior ministry official in charge of cyber security issues, did not comment the incident.

Bloomberg commenting the alleged attack states that report also cited senior military officials as saying the attack managed “as a crisis”. In response to the incident, staff at the ministry and the Self-Defense Forces were temporarily banned from connecting to the Internet.

“It is a very serious situation. We must quickly take measures to prevent a recurrence.” said a senior SDF official.

Cyber attacks against Japanese organizations are nothing new, below a short list of major hacking campaigns that targeted the country:

• August 2011: Mitsubishi Heavy Industries (defense contractor) networks infected by malware that sent outside information on defense systems.
• October 2011: A cyber espionage campaign originated from China exposed sensible information at least a month.The infection was possible thanks phishing campaign against Lower House member started in July. Also in this case a malware was used for the attack.
• December 2012: the Japan Aerospace Exploration Agency was hit by a virus that stolen secret information on newest rockets from an internal computer. The precious information was stored on a computer in Tsukuba Space Center located in northeast area of Tokyo.
• July 2012: The Japanese Finance Ministry announced that its computers have been infected with a virus in the from 2010 to 2011 causing leaks of information.
• September 2013: Security experts at FireEye discovered the Operation DeputyDog against Japanese entities that exploits Zero-Day (CVE-2013-3893) recently announced by Microsoft.
• August 2015: Security experts at Kaspersky Lab have analyzed the cyber attacks run by the Blue Termite APT, a hacking crew group focused on Japanese organizations.
• February 2016: Japanese commercial and critical infrastructure organizations have been targeted a long-running campaign dubbed Operation Dust Storm.
• October 2016: The threat actor behind the Blackgear cyber-espionage campaign that is targeting Japanese entities is the same that hit Taiwan in 2012.

Bloomberg states that Japan’s Defense Ministry denied a military computer network had suffered a high-level cyber attack in September.

“A public affairs official at the ministry said the report wasn’t true, and that it receives numerous suspicious e-mails and other forms of contact believed to be cyber attacks on a daily basis. The official, who declined to be named in line with government policy, also said the ministry doesn’t comment on such attacks as that would expose its ability to deal with them.” reported Bloomberg.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Japan, Defence Information Infrastructure )