China’s People’s Liberation Army (PLA) allegedly ordered a hacker group to conduct cyberattacks on roughly 200 Japanese research institutions, defense firms, and companies from 2016-2017, Japan’s public broadcaster NHK reported on Tuesday.
The Tokyo Metropolitan Police Department referred a male member of the Chinese Communist Party (CCP) to prosecutors on April 20 “on suspicion of forging digital records related to the cyberattacks,” according to NHK.
The Japan Aerospace Exploration Agency (JAXA) was among the firms targeted by the cyber attacks in 2016, the Japanese outlet claimed. Tokyo police have since “identified a Chinese man who had leased several servers in Japan that were allegedly used in the attack [on JAXA],” NHK wrote on April 20, citing unidentified sources involved in the police investigation.
“The man, who is no longer in Japan, is said to be a computer engineer in his 30s. He allegedly rented servers five times under false names,” the broadcaster revealed, adding, “Investigative sources say the servers’ ID and other credentials were then passed on to a Chinese hacker group known as ‘Tick.'”
The Tokyo Metropolitan Police Department said it suspects the Chinese PLA directed Tick, a private hacker group, to conduct cyberattacks on about 200 Japanese companies and research institutions, including Mitsubishi Electric and Tokyo’s Keio University.
A JAXA spokesperson spoke to NHK this week and confirmed the Japanese space agency “did experience unauthorized access, but suffered no data leaks or other damage.”
“Meanwhile, another Chinese man is also said to have rented several servers in Japan using fake identities. This was allegedly under the instruction of a member of unit 61419 – a bureau in charge of cyberattacks within China’s PLA,” the NHK further alleged in its report on Tuesday.
“Unit 61419, located in the eastern Chinese city of Qingdao, Shandong Province, is responsible for cyberattacks on Japan and South Korea,” Japan’s Kyodo News reported on Tuesday, citing its own unnamed sources within the Tokyo police investigation.
Kyodo News partially identified the second male suspect in the case as a “former Chinese male student.” The student, who has since left Japan, allegedly used a fake ID to rent a Japanese server. Tick later purchased the student’s fake ID to access the server, which it then used to launch a cyberattack on a Japanese company. This process was also used by Tick to attack JAXA, according to Kyodo News.
“When the two [Chinese suspects] were questioned before leaving Japan, investigators also found that the former student was receiving orders from a cyberattack unit within the PLA,” Kyodo News reported on Tuesday, citing sources within the Tokyo police investigation.
COMMENTS
Please let us know if you're having issues with commenting.