Japanese Chief Cabinet Secretary Kato Katsunobu announced Tuesday that a hacking group known as APT40 attacked several Japanese companies and is “highly likely” to be an instrument of the Chinese government.
“We are keeping a close eye, with strong concern” on the cyberattacks, Kato said at a press briefing.
Japan’s Foreign Ministry released a statement about the cyberattacks that concurred with the judgment of American, British, and allied intelligence services that APT40 (Advanced Persistent Threat 40) is working for the Chinese state.
“Japan also assesses that it is highly likely that the Chinese government is behind APT40 and has been paying close attention with deep concern to these attacks by APT40 and others which threaten the security of cyberspace. Japan strongly supports the public statements by the United Kingdom, the United States and other countries which express the determination to uphold the rules-based international order in cyberspace,” the Foreign Ministry said.
“The Government of Japan considers it to be a matter of strong concern from the national security viewpoint, firmly condemns and will take strict measures against these activities,” the statement declared.
The Foreign Ministry further accused APT40 of playing a role in the wave of Chinese cyberattacks against some 200 Japanese corporations, government agencies, and research organizations that began in 2016. Japan’s space agency JAXA was among the targets of these attacks.
Tokyo police announced in April they were conducting a criminal investigation of the hacking campaign, primarily executed by a group known as “Tick,” which is linked to Unit 61419 of the Chinese People’s Liberation Army (PLA).
Unit 61419 coordinates the activities of supposedly “independent” hacker groups that function as deniable covert operatives of the oppressive Chinese state. Among other activities, the PLA military unit evidently helps Chinese hacking squads defeat Western antivirus software and system security protocols.
The Japanese Foreign Ministry said Tuesday that it has “confirmed” APT40 also targeted Japanese companies during the Tick group’s hacking campaign.
Japan reported another surge of hacking activity against government agencies and transportation infrastructure in May, including an effort to steal air traffic control data from Tokyo’s Narita Airport, the major air travel hub for the upcoming Summer Olympics.
The hacking group APT40 dates back to at least 2013. Cybersecurity firm FireEye refers to it as a “China-nexus espionage actor” that was initially tasked with stealing technology that could help to modernize the Chinese navy.
APT40’s primary mission shifted in recent years to helping China expand its Belt and Road Initiative (BRI), a program that spreads Beijing’s political influence by building expensive infrastructure projects in developing countries, often entrapping their governments with massive loans from Chinese state-controlled banks that can never be repaid.
The U.S. Department of Justice (DOJ) on Monday unsealed the May indictment of four Chinese nationals accused of working with APT40 between 2011 and 2018 to conduct a “worldwide hacking and economic espionage campaign led by the government of China,” as Acting U.S. Attorney Randy Grossman of the Southern District of California put it.
“The defendants include foreign intelligence officials who orchestrated the alleged offenses, and the indictment demonstrates how China’s government made a deliberate choice to cheat and steal instead of innovate,” Grossman said.
The defendants are accused of targeting key industries in nations across the world, including the United States, to steal “trade secrets and confidential business information” related to aviation, defense, pharmaceuticals, and maritime technology.
The Chinese state hackers were especially interested in stealing technology related to submarines, autonomous vehicles, gene sequencing, and perhaps most ominously, infectious diseases. They also stole information that could help China “secure contracts for state-owned enterprises within the targeted countries.”
The defendants were described as agents of China’s Ministry of State Security (MSS) who received support from several Chinese universities in addition to working with APT40 under its many aliases.