Japan National Center for Incident Readiness And Strategy for Cybersecurity infiltrated by hackers

The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) in Japan was a victim of a prolonged infiltration carried out by threat actors.

The infiltration lasted for as long as nine months, compromised sensitive data, with indications pointing toward China-linked hackers as the likely perpetrators.

The breach began in the fall of 2022 and was uncovered in June 2023. The intrusion is believed to have originated from the compromise of an email account belonging to a member of the NISC agency. In response to this breach, NISC took the step of sending out notifications via email to domestic and international partners, warning them about the potential compromise of data.

The nature of the breach, coupled with the sensitivity of the NISC agency's work, has raised concerns regarding Japan's ability to safeguard confidential information. This skepticism has been fueled by previous cyber incidents involving Japan, such as a major attack on its defense networks in 2020, attributed to China-linked cyberspies. Additionally, the Port of Nagoya, one of Japan's largest ports, experienced a debilitating ransomware attack that impacted its operations.

An NISC official has stated that the investigation into the infiltration has been concluded, revealing that the compromise was limited to an unspecified email system within the agency.

No details are available about the breached data or individuals.

Experts familiar with the matter believe that the nature of the attack and the target itself strongly suggest state-sponsored involvement, with China being the most likely originator of the intrusion. The Chinese government, however, has vehemently denied any involvement and instead placed blame on Japan's allies for the attack.