Japan Aerospace Exploration Agency, commonly referred to as JAXA, recently fell victim to a cyber attack believed to be a ransomware variant. While an official confirmation on the nature of the cyber incident has been issued, specific details regarding the ransomware remain under investigation.
According to a source within JAXA, it is suspected that the system may have been compromised during the summer of this year. The breach, however, was only detected during routine IT audits, highlighting the sophisticated nature of the attack.
Reports from Yomiuri Shimbun, a prominent Japanese newspaper, suggest that the security breach might have occurred through the exploitation of vulnerabilities in the Active Directory Servers. Additionally, credentials may have been illicitly obtained through phishing or other means, as clarified by the newspaper.
This cyber attack on JAXA bears resemblance to a large-scale incident that unfolded in 2016 and 2017. Subsequent investigations by the government revealed the involvement of the Chinese Peopleās Liberation Army, leading to the indictment of a member linked to the Communist Party of China.
In response to the recent incident, JAXA has promptly notified law enforcement and government officials. As a precautionary measure, the agency has taken steps to contain the potential repercussions by temporarily shutting down its intranet services.
In the context of geopolitical tensions in Asia, neighboring nations often find themselves entangled in border conflicts. The strained relations between China and Japan, influenced by various catalysts, contribute to the heightened concerns regarding cyber attacks.
The year 2023 has seen a surge in cyber threats targeting Japanese companies. Notably, entities such as Seiko, Yamaha, Casio, and EISAI, a major trading port in Japan, have also faced cyber intrusions, raising alarm bells across various sectors.
