1 min read

Japan's cybersecurity agency admits it was hacked for months


August 30, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Japan's cybersecurity agency admits it was hacked for months

Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the agency responsible for the nation's defences against cyber attacks, has itself been hacked.

As the Financial Times reports, the Chinese military are suspected of being behind a security breach that saw hackers infiltrate Japan's NISC for as long as nine months.

At the start of this month, on August 4 2023, Japan's NISC went public about a security breach that had resulted in email conversations being exposed to unauthorised parties.

The hack is thought to have commenced in October 2022, but the first traces of a problem were not spotted until the middle of June this year.

On August 8 2023, in a brief follow-up announcement, the organisation warned of "suspicious phone calls and emails" from people posing as employees of Japan's NISC - presumably in an attempt to trick unsuspecting victims into sharing personal details, credentials, or opening malicious content.

Although the Japanese authorities have not publicly pointed the finger of blame towards China's People's Liberation Army for the hack, the FT says that three Japanese government and private sector sources familiar with the situation have made the link.

Japan has said it is boosting its cybersecurity budget 1000% in the next five years, and quadrupling its military cybersecurity force to 4000 people.

Whether that will be enough to reassure Japan's western allies that the country is taking cybersecurity seriously enough, and if it will help protect against future Chinese hacks, is uncertain for now.

Inevitably there will be some in the United States and elsewhere who will feel somewhat more nervous about sharing sensitive information with Japan when state-sponsored Chinese hackers are found embedded deep within Tokyo's defence networks.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like