Japan’s cyber security agency suffers months-long breach

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
The organisation responsible for Japan’s national defences against cyber attacks has itself been infiltrated by hackers, who may have gained access to sensitive data for as much as nine months. According to three government and private sector sources familiar with the situation, Chinese state-backed hackers were believed to be behind the attack on Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), which began last autumn and was not detected until June.
 

Sandbox Breaker

Level 9
Verified
Well-known
Jan 6, 2022
443
Nine month Chinese spying? I wonder what they will call the baby? Maybe Xi?
I've caught 2 chinese APT's in my career. Both were custom RMM tools and valid digital signatures with wierd Chinese IT companies. Also... the malware was broken into multiple files. There wasn't like one script or a couple of exes. This was many injected DLLs and No edr or sandbox was able to detect it.

I needed to use Unhackme Professional (Sysinternals on steroids plus mooches off all vendors via VT). I found many start up items that had these Chinese signatures. Immediately removed it and retained the samples for later investigation. The only way it would have been caught was by manual inspection. I also knew the software that was Allowed to be installed and this trojan was not on that list.

My worry is if Japan's security dept can't find these in time... what else is out there. Also shoes the true talent shortage required to deal with these class of threats.
 

cartaphilus

Level 5
Verified
Well-known
Mar 17, 2023
232
I've caught 2 chinese APT's in my career. Both were custom RMM tools and valid digital signatures with wierd Chinese IT companies. Also... the malware was broken into multiple files. There wasn't like one script or a couple of exes. This was many injected DLLs and No edr or sandbox was able to detect it.

I needed to use Unhackme Professional (Sysinternals on steroids plus mooches off all vendors via VT). I found many start up items that had these Chinese signatures. Immediately removed it and retained the samples for later investigation. The only way it would have been caught was by manual inspection. I also knew the software that was Allowed to be installed and this trojan was not on that list.

My worry is if Japan's security dept can't find these in time... what else is out there. Also shoes the true talent shortage required to deal with these class of threats.
Neat, good job.

I am worried about what Chinese spyware is hiding at DISA? :)

As for Japan; China must be royalty pissed regarding those new Japanese aircraft helicopter carriers. I forgot that Japan is forbidden by the US to own aircraft carriers; something about attacking the US Pacific fleet in some island or something. Don't know it was at least before 2020.
 

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
What is worrisome is the difficulty of protecting against targeted attacks.
This requires more focus on
Implement a layered approach to security. This means using a variety of security measures, such as firewalls, intrusion detection systems, and data encryption, to protect against different types of attacks.
Educate employees about security threats. Employees should be aware of the different types of targeted attacks and how to detect them. They should also be educated on how to protect their personal information and avoid falling victim to social engineering scams.
Have a plan for responding to targeted attacks. Organizations should have a plan for responding to a targeted attack. This plan should include steps to contain the attack, minimize damage, and recover from the attack.
 

Sandbox Breaker

Level 9
Verified
Well-known
Jan 6, 2022
443
What is worrisome is the difficulty of protecting against targeted attacks.
This requires more focus on
Implement a layered approach to security. This means using a variety of security measures, such as firewalls, intrusion detection systems, and data encryption, to protect against different types of attacks.
Educate employees about security threats. Employees should be aware of the different types of targeted attacks and how to detect them. They should also be educated on how to protect their personal information and avoid falling victim to social engineering scams.
Have a plan for responding to targeted attacks. Organizations should have a plan for responding to a targeted attack. This plan should include steps to contain the attack, minimize damage, and recover from the attack.
You read my mind. Unfortunately the world isn't equipped that well.
 
  • Thanks
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top