The National Police Agency on April 20 referred a Chinese engineer, who is a member of the Chinese Communist Party (CCP), to prosecutors for further investigation related to large-scale cyberattacks on Japan’s space agency (JAXA) and some 200 other Japanese companies and research institutes in the aerospace and defense sectors. The suspect appears to have worked on behalf of the Chinese military (PLA) while residing in Japan.
The police allege the male systems engineer in his 30s, who worked for a state-owned major Chinese telecom firm, used a false identity multiple times to hire the Japanese rental servers that were used to launch a series of cyberattacks by PLA-affiliated hacker groups.
It is rare for the Japanese authorities to acknowledge investigations of such large server attacks by foreign entities on Japan.
Police say that between September 2016 and April 2017, the systems engineer used a false name and address on five occasions to hire the Japanese rental servers that were subsequently used in the attacks.
Police suspect that a hacker group dubbed “Tick,” which has ties to the elite PLA cyberattack group Unit 61419, was responsible for the series of attacks, which took place between June 2016 and April 2017.
By identifying the servers used to launch the attacks, police investigators discovered that the ID and other information the man used to hire the servers was sold on the Internet. They also confirmed that some of that information had been sold to Tick.
The Public Safety Bureau believes that Tick turned to the man to gain access to the servers as a “springboard” for attacks, as that would make it difficult to trace their ultimate source.
Separately, another Chinese male, who had been a student in Japan, is suspected of having used a false identity to rent servers and perform other actions at the direction of the PLA. Like the man who admitted to the Public Safety Bureau—a unit within the police responsible for investigating espionage—that he was CCP member, the student, too, soon left Japan.
During the interrogation of the man, police learned about the involvement of other men and women who had been giving this former student instructions. The investigation is ongoing.
JAXA maintains that it did not suffer any leaks or other damage from the cyberattacks.
China Recruiting Civilian ‘Patriots’
The latest cyberattack incident shows clear involvement by Tick, which is for all intents and purposes a hacking arm of the Chinese state. In this case, the individuals who were targeted to China the cyberattack tool it wanted were a CCP member and a former student in Japan. It shows how the Chinese government is attempting to co-opt civilian Chinese into its espionage and influence operations.
The China National Security Law that took effect in 2017 specifically states that one of the duties of citizens and organizations is “providing public security organs, state security organs or relevant military organs with necessary support and assistance.”
Since then, the tempo of Chinese spying has picked up considerably, and accordingly the threat to Japan has grown.
“Contribute to the motherland!” According to investigators, that was the order that the former student in Japan received from a PLA source seeking his cooperation in espionage work. During voluntary interrogation by the Public Security Bureau the man described how he had become involved. However, soon thereafter he, too, left Japan.
As with the CCP party member whose case has been referred to prosecutors, it appears that the man appears to have rented the servers using a false ID, which he then passed on to the Chinese military.
Chinese citizens worldwide are bound by the provisions of the National Security Law, and the Chinese government seems intent on making use of individuals from various walks of life in different places around the world.
Although in many cases, cooperating individuals are financially rewarded, in some cases they are forced to cooperate in spying operations. Experts on Sino-Japanese relations point out, “They might have fears about their physical safety and are under intense pressure to conform.”
Japan Stands More or Less Defenseless
Despite this situation, at present Japan lacks any “anti-spy law” that would facilitate a crackdown on foreign espionage activities. Although the government is considering such legislation and other measures, as things now stand the governmentーand private organizations and individualsーremain essentially defenseless in the face of the sophisticated espionage activities undertaken by the Chinese government.
According to the Tokyo-based information security company Trend Micro Incorporated, it has been confirmed that Tick has existed since 2008 and began cyberattacks on Japanese companies from around 2011. Among other “state-sponsored” organizations that carry out cyberattacks with Chinese government support, experts point to other hacker groups like “APT 10” that have targeted Japanese interests worldwide.
However, according to one of the investigators, the technical capabilities of Tick “stand out from the crowd, and the danger they pose is the most severe.”
The Japanese government hopes that the investigation will provide a more complete picture of this troubling situation.
(Read the Sankei Shimbun report in Japanese at this link.)
Author: The Sankei Shimbun