Japan's accusations of Chinese military cyberattacks causes stir in global cybersecurity community

May 17, 2021

Tokyo [Japan], May 17 : After Japanese police chief Mitsuhiro Matsumoto officially identified China as responsible for a cyberattack on the country, its National Police Agency has been overwhelmed with inquiries from foreign governments and media organisations regarding the claim, causing a stir among the global cybersecurity community.
Nikkei Asia reports that the Tokyo Metropolitan Police Department had filed a case on April 20 against a Chinese systems engineer, who is also a member of the Chinese Communist Party (CCP) for allegedly taking part in cyberattacks targeting the Japan Aerospace Exploration Agency (JAXA) and 200 other Japanese companies and research institutions in 2016 and 2017.
The suspect used a fake ID to register a web server in the country for cyberattacks against JAXA, which suggested that China's People's Liberation Army (PLA) was also involved in the intrusion, according to Tokyo police. The suspect has now fled Japan.
The police first discovered a suspicious server and then began monitoring it, eventually detecting a cyberattack against JAXA. It found that the attacker was trying to exploit a vulnerability in the security software used by the space agency and advised companies facing similar attacks to take defensive measures.
"It's highly likely that the PLA's Unit 61419 -- a strategic support unit operating from the Chinese city of Qingdao in Shandong Province -- was involved in the cyber espionage," said Matsumoto, commissioner-general of the police agency, on April 23.
Beijing on the other hand has vehemently denied the allegations made by Japan, with Foreign Ministry spokesperson Wang Wenbin saying: "China is firmly opposed to any country or institution [using allegations of] cyberattacks to throw mud at China."
In response to Wang's remarks, Matsumoto said that his agency had the evidence, including testimonies of the suspects and other parties involved. These comments suggest a war of nerves between China and Tokyo, reported Nikkei Asia.
In 2015, the Japan Pension Service was hit by a cyberattack that led to a massive information breach, with more than 1 million names and pension identification numbers leaked, some accompanied by birthdates and addresses. The ensuing probe provided evidence that showed servers in China were used.
However, there was no conclusive proof that Beijing was involved, so Tokyo stopped short of claiming the attack was state-sponsored. This time, however, better forensics by Tokyo police led the Japanese government to directly blame Beijing.
Yuichi Sakaguchi for Nikkei Asia writes that even in the presence of incorruptible evidence, there is little chance of bringing to justice culpable foreign nationals operating overseas.
However, the process of cyber attribution, which refers to tracking and identifying sources of cyberattacks, can be used to 'name and shame' in the hope of deterring future cyberattacks or lay the groundwork for sanctions against alleged perpetrators.
The revelation came at a time when tensions between China and Japan have escalated amid increased activity by Beijing in the disputed East China Sea. Earlier this year, Beijing had implemented a new law that allows the country's quasi-military force to use weapons against foreign ships that China sees as illegally entering its waters.
Last month, Japan said China's coastguard had expanded its presence in the contested waters by entering twice a month and as frequently as twice a week near the Japanese-controlled Senkaku Islands, known by the Chinese as Diaoyu.
Last month, Microsoft, the US company, said a sophisticated group of hackers linked to China has hacked into its popular email service that allowed them to gain access to computers.
The company had said that four vulnerabilities in its software allowed hackers to access servers for Microsoft Exchange, "which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments," reported CNN.
Last year, in a major breach of security, Australia was hit by a major cyberattack by a "state-based actor".