
China has long been accused of conducting cyber espionage campaigns against rival nations, with security experts frequently warning about sophisticated attacks targeting government and military infrastructure. A recent report has once again raised concerns after allegations emerged that malware linked to a Chinese hacking group infiltrated Japanese military computer systems through compromised USB flash drives.
According to reports from Nikkei, counterfeit USB flash drives were allegedly supplied to Japan’s Ground Self-Defense Forces between 2023 and 2024. Investigators believe the devices were distributed under the branding of a well-known flash storage manufacturer, allowing them to appear genuine and evade suspicion. The USB drives were reportedly provided during the period following Japan’s devastating earthquake, when various hardware and software resources were being procured to support rebuilding and operational activities.
The infected flash drives were primarily used for transferring files between computers operating on isolated military networks. These systems are typically “air-gapped,” meaning they remain disconnected from the internet to safeguard classified information from external cyber threats. Because removable media is one of the few ways data can be transferred into such environments, compromised USB devices pose a significant security risk.
The breach reportedly came to light after a soldier stationed at the Itami unit near Osaka noticed unusually slow performance on a newly deployed computer. A subsequent forensic investigation revealed that the USB drives contained malware embedded during the manufacturing process. Once a drive was connected to a computer, the malicious software automatically infected the system; it enabled espionage activities and was also capable of erasing or destroying data.
Military organizations around the world rely heavily on isolated networks to protect highly sensitive operational and strategic information. Since these systems are rarely connected to external networks, they are generally considered more secure. However, the incident demonstrates that attackers can bypass traditional cybersecurity defenses by targeting the supply chain and compromising trusted hardware before it reaches the end user.
A Japanese government investigation reportedly found that nearly 50 military computers handling classified information had already been infected by the malware. Authorities later concluded that between 50 and 60 devices may have been exposed after being connected to the compromised USB drives, raising concerns about potential data theft and operational security.
The findings have also prompted broader concerns regarding hardware supply chain security. According to the report, Japanese military officials informed U.S. intelligence agencies in 2024 that Chinese state-backed hackers were allegedly supplying computer hardware and software at significantly reduced prices, with some products containing malware designed to remain hidden for extended periods before activating.
Although investigations are continuing, the incident highlights the growing importance of verifying the authenticity of hardware used in sensitive environments. It also underscores the need for stronger supply chain security measures, stricter device validation procedures, and continuous monitoring to defend critical military infrastructure from increasingly sophisticated cyber threats.

















