EDITORIAL | Make China End Cyber Attacks Before Inviting Wang Yi

The National Police Agency (NPA) has revealed details about cyber attacks targeting Japan by MirrorFace. The hacker group is suspected of having links to the Chinese government.

From 2019 to 2024, this Chinese hacker group launched 210 confirmed cyber attacks targeting information on Japan's security and advanced technology. The National Police Agency (NPA)'s cybercrime investigation division conducted the investigation, along with police departments across the country.

Such criminal cyber activities are absolutely unacceptable. The Ishiba Administration should demand that the Chinese government immediately halt all such attacks. There is also a pressing need for Japan to introduce "active cyber defense" to neutralize servers used in such attacks.

Relevant bills must be passed during the regular National Diet session that convenes on January 24.

How MirrorFace Works

In its typical mode of hacking, MirrorFace sends emails with attachments containing malware to targeted organizations and individuals. If these are downloaded, they allow the hacker group to view data saved on computers. Such "targeted email attacks" include "network penetration attacks" that exploit vulnerabilities in virtual private networks (VPNs) used to connect to internal networks from the outside.

MirrorFace has attacked the Ministry of Foreign Affairs, the Ministry of Defense, the Cabinet Secretariat, the Japan Aerospace Exploration Agency (JAXA), think tanks, private companies with advanced technology and individuals associated with them, as well as politicians. According to police, hackers might have been able to steal or view sensitive national security and advanced technology information.

Similarities to Group with Reported State Ties

According to reports, the malware employed was similar to that used by another hacking group tied to the Ministry of State Security (MSS), China's principal civilian intelligence agency. Moreover, the MirrorFace malware code contained simplified Chinese characters (jiantizi), such as those used in mainland China. Attacks were carried out during working hours in China and there were no attacks during long Chinese holiday holiday periods.

Based on these findings, the NPA has said it is reasonable to conclude there was Chinese government involvement in the MirrorFace cyber crimes. However, the investigation is ongoing. If it is definitely determined that there was Chinese government involvement, there will be "public attribution" criticizing Beijing by name.

*Chinese Foreign Minister Wang Yi shakes hands with his Japanese counterpart Takeshi Iwaya in Beijing on December 25. (©Kyodo)*

Address the Issue Promptly

The significance of the NPA making public its suspicions of Chinese government involvement in these hacking incidents cannot be overstated. Furthermore, these incidents are significant enough to take up at the diplomatic level now. That hasn't happened, however.

Surely, it cannot be that the Foreign Ministry has shied away from making any definitive statements on the matter because Chinese Foreign Minister Wang Yi is scheduled to visit Japan soon.

Chinese hacker groups have launched other cyber attacks against Japan in the past. When they meet with Wang Yi, Prime Minister Shigeru Ishiba and Foreign Minister Takeshi Iwaya must ensure that MirrorFace is a key topic for discussion.

(Read the editorial in Japanese.)

Author: Editorial Board, The Sankei Shimbun