Japan is investigating security breach of Defence Information Infrastructure

The Japanese Government is investigating a reported security breach suffered by the High-speed Defence Information Infrastructure (DII) network.

The Defence Information Infrastructure is a high-speed large-capacity communication network connecting SDF bases and camps. The Defence Information Infrastructure comprises two distinct networks, one connected to the Internet and an internal network.

The security breach took place in September, but the media have disclosed it only now. The South China Morning Post reported that the attack was confirmed by unnamed ministry officials on Sunday morning.

According to the SCMP, hackers penetrated the Ground Self-Defence Force. The hackers first breached a network shared between Japan’s National Defence Academy and its National Defence Medical College, then, in a later step, gained access to the Defence Information Infrastructure network.

“The Japanese Defence Ministry and the Self-Defence Forces discovered in September that their shared communication network had suffered a cyberattack that enabled a hacker to penetrate the Ground Self-Defense Force’s computer system, ministry sources said on Sunday,” reported the South China Morning Post.

“Some information may have been leaked in the incident, with an organised attacker such as a nation state strongly suspected, but the full scope of the damage is not clear, the sources said.”

How is it possible?

Bloomberg quoted Kyodo News, which, citing ministry sources in an earlier report, explained that the hackers took advantage of the fact that computers at Japan’s National Defense Academy and National Defense Medical College are connected both to a university network and to an internal network linking military bases.

The news was reported by Bloomberg, which linked the attack to a nation-state actor due to the complexity of the attack and the nature of the target.

The South China Morning Post reports a highly skilled attack that led the ministry to immediately raise the cybersecurity alert level in the country.

Masakazu Saito, a senior ministry official in charge of cyber security issues, did not comment on the incident.

Bloomberg, commenting on the alleged attack, states that the report also cited senior military officials as saying the attack was managed “as a crisis”. In response to the incident, staff at the ministry and the Self-Defense Forces were temporarily banned from connecting to the Internet.

“It is a very serious situation. We must quickly take measures to prevent a recurrence,” said a senior SDF official.

Cyber attacks against Japanese organizations are nothing new; below is a short list of major hacking campaigns that targeted the country:

  • August 2011: Mitsubishi Heavy Industries (defense contractor) networks were infected by malware that sent information on defense systems outside.
  • October 2011: A cyber espionage campaign originating from China exposed sensitive information for at least a month. The infection was possible thanks to a phishing campaign against Lower House members that started in July. In this case too, malware was used for the attack.
  • December 2012: The Japan Aerospace Exploration Agency was hit by a virus that stole secret information on its newest rockets from an internal computer. The precious information was stored on a computer in the Tsukuba Space Center, located in the northeast area of Tokyo.
  • July 2012: The Japanese Finance Ministry announced that its computers had been infected with a virus from 2010 to 2011, causing leaks of information.
  • September 2013: Security experts at FireEye discovered Operation DeputyDog against Japanese entities, which exploited a zero-day (CVE-2013-3893) recently announced by Microsoft.
  • August 2015: Security experts at Kaspersky Lab analyzed the cyber attacks run by the Blue Termite APT, a hacking crew focused on Japanese organizations.
  • February 2016: Japanese commercial and critical infrastructure organizations have been targeted by a long-running campaign dubbed Operation Dust Storm.
  • October 2016: The threat actor behind the Blackgear cyber-espionage campaign that is targeting Japanese entities is the same that hit Taiwan in 2012.

Bloomberg states that Japan’s Defense Ministry denied a military computer network had suffered a high-level cyber attack in September.

“A public affairs official at the ministry said the report wasn’t true, and that it receives numerous suspicious e-mails and other forms of contact believed to be cyber attacks on a daily basis. The official, who declined to be named in line with government policy, also said the ministry doesn’t comment on such attacks as that would expose its ability to deal with them,” reported Bloomberg.

Pierluigi Paganini

(Security Affairs – Japan, Defence Information Infrastructure)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
