The Japanese government issued an official alert this Wednesday, confirming that a sophisticated Chinese hacking group has systematically breached government bodies, private corporations, and high-profile individuals since 2019. Authorities have officially attributed the multi-year campaign to the threat actor known as MirrorFace.
Targeting National Security and Tech Infrastructure
According to the National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity, the primary objective of these attacks is the theft of sensitive data related to Japan’s national security and advanced technological assets. Detailed reports indicate that the compromised entities span across the Foreign and Defense ministries, the national space agency, think tanks, and major manufacturing sectors, as reported by the Associated Press.
Evolution of MirrorFace Tactics
The operation has shown a clear evolution in its target profile. While initial efforts focused on media, political organizations, and universities, the group pivoted toward manufacturers and research institutions starting in 2023, according to a JPCERT/CC analysis.
Research published by ESET in 2022 first highlighted the group’s use of spearphishing to compromise political entities during election cycles. MirrorFace continues to utilize this technique, deploying malicious attachments across three distinct operational waves:
- 2019–2023: Focused on think tanks, journalists, and active or retired politicians.
- 2023–Present: Targeting network devices in the semiconductor, aerospace, and communications sectors.
- June 2024–Present: A renewed focus on the academic sector, media, and policy influencers.
Geopolitical Implications
This revelation highlights persistent vulnerabilities within Japan’s digital infrastructure. Despite its status as a key U.S. ally, Japan’s constitutional constraints have historically limited its offensive cyber capabilities, experts note. The severity of these breaches mirrors findings from 2020, when the U.S. National Security Agency reportedly uncovered that Chinese military hackers had successfully penetrated Japan’s most sensitive classified defense networks, as documented by The Washington Post.