Russia-linked hackers attack Japan’s goverment, ports

Two Russian hacking groups leveled distributed denial-of-service (DDoS) attacks at Japanese logistics and shipbuilding firms — as well as government and political organizations — in what experts believe are attempts to pressure the Japanese government. The attacks came after lawmakers boosted the nation’s defense budget, and its military conducted exercises with regional allies.

The two pro-Russian cyberthreat groups — NoName057(16) and the Russian Cyber Army Team — started attacking Japanese targets on Oct. 14, with more than half of the attacks targeting logistics, shipbuilding, and manufacturing firms, according to network-monitoring firm Netscout. The groups, especially NoName057(16), have made a name for themselves by attacking Ukrainian and European targets following Russia’s invasion of Ukraine.

In the latest spate of attacks, the groups targeted Japanese industry and government agencies after the Ministry of Foreign Affairs of the Russian Federation expressed concern over the ramp-up of Japan’s military, says Richard Hummel, director of threat intelligence for Netscout.

“Japan had their elections last week, and the leader that took over is no fan of Russia and, in fact, has been very vocal about supporting Ukraine and sending aid,” he says. “Japan is also working with the US military on joint exercises and ballistics missiles testing — these are the [regional events] that NoName057 will go after.”

With geopolitical rivalries with China and Russia heating up, Japan is in the midst of its largest military buildup since World War II. In December 2022, the nation unveiled a five-year $320 billion plan that includes long-range cruise missiles that could hit targets in China, North Korea, and Russia. The move marked a significant shift away from Japan’s self-defense-only policy, with the government continuing the move by increasing military spending by 16% this year.

On Oct. 17, Japan’s Deputy Chief Cabinet Secretary Kazuhiko Aoki said the government is investigating the DDoS attacks.

More than half of the attacks targeted the logistics and manufacturing sector, while nearly a third targeted government agencies and political organizations in Japan, Netscout stated in its analysis.

The Russian group “has leveraged every attack capability of the DDoSia botnet, employing a wide range of direct-path attack vectors against multiple targets,” the analysis stated. “As of this writing, approximately 40 targeted Japanese domains have been identified. On average, each domain is hit by three attack waves, utilizing four distinct DDoS attack vectors, utilizing approximately 30 different attack configurations to maximize attack impact.”

To read the complete article, visit Dark Reading.