Japan in the Crosshairs of Many State-Sponsored Threat Actors New Report Finds

Written by

Japan finds itself in the crosshairs of many threat actors for both cyber espionage and financially motivated campaigns, a new report by Rapid7 has found.

In the new research paper, Japan and Its Global Business Footprint: The Cyberthreat Landscape Report, published on June 28, 2023, Rapid7 found that the East Asian nation is on the radar of three of the four countries typically sources of state-sponsored threats: China, North Korea and Russia.

The report also found that the manufacturing industry reported 32.5% of all ransomware attacks in the first half of 2022. By comparison, only 7.9% came from the healthcare industry during the same period.

According to Paul Prudhomme, the head of the threat intelligence advisory at Rapid7, “Japanese manufacturing organizations are uniquely susceptible to cyber-attacks for two main reasons: on the one hand, they have deep ties with supply chains across the world, meaning they are useful targets; and on the other hand, they practice just-in-time production, which means they have barely any stocks and makes their operational processes significantly vulnerable.”

The report also found that, since the most prominent Japanese companies have a global presence worldwide, with recognizable brands, especially in manufacturing, automotive and technology, the compromises of Japanese parent companies often originate from their overseas subsidiaries or affiliates.

“Threat actors can then move laterally back to the parent company's systems back in Japan,” Prudhomme added.

China, North Korea, Russia and… Vietnam

An example of this type of lateral movement occurred with Panasonic when its Indian branch experienced a data disclosure extortion incident in October 2020 and its Canadian branch was also targeted in February 2022.

Also, when Nissan Canada Finance (NCF), which finances the purchase or lease of cars from Nissan, Infiniti and Mitsubishi dealers, received a ransom demand in December 2017.

Chinese-affiliated groups used similar tactics but in a broader range of industries. In late 2021, for instance, Earth Tengshe (also known as Bronze Riverside), a subset of Chinese APT10, targeted overseas subsidiaries and suppliers of Japanese manufacturing, engineering, electronics, automotive, energy, and technology companies to allegedly gain access to the parent companies in Japan.

Additionally, another state-sponsored threat actor has recently been observed targeting Japanese organizations from Vietnam.

“The Vietnamese APT32, also known as OceanLotus, has demonstrated a special interest in the targeting of foreign competitors of Vietnam’s budding automotive industry. An anonymous official at one of the largest Japanese automotive manufacturers reportedly confirmed in 2019 that APT32 had targeted that company and its overseas operations. Security researchers observed that APT32 had created domains to spoof that automotive manufacturer’s legitimate infrastructure as an attack vector,” reads the report.

Falling Behind

These threats are particularly concerning, since Japan has a long reputation of falling behind in terms of cybersecurity policies, both in the private and public sectors, Sabeen Malik, VP of Global Government Affairs and Public Policy at Rapid7, told Infosecurity.

“Japan lags behind other advanced nations in cybersecurity. The International Institute for Strategic Studies placed Japan at the bottom of its three-scale ranking in a June 2021 report. The London-based think tank cited the country's weak cybersecurity in public and private sectors, inducing its ability to keep track of malicious intrusion attempts and lack of a legal framework to launch counterattacks. It’s not relaxed, but not adapted to deal with cyberattacks in the way they happen, especially to country infrastructure,” Malik said.

Japan is often overlooked in the cyber threat intelligence English-speaking literature despite being the world’s third-largest economy, after the US and China.

Prudhomme said: “With this new report, Rapid7 hopes to offer a one-stop shop that gives a broad, comprehensive perspective on the Japanese threat landscape in English.”

The Japanese government unveiled its revised National Security Strategy in December 2022.

What’s hot on Infosecurity Magazine?