Japanese authorities reported more than 200 Chinese state-backed cyberattacks since 2019.
Chinese cyberattacks on Japan’s defense, aerospace, and advanced technology sectors are increasing at an alarming rate, indicating what experts refer to as a broader strategy to undermine the technological and military strengths of democratic nations, particularly the United States.
The Japanese National Police Agency (NPA) has reported 210 such incursions since 2019, fueling calls for tougher legal frameworks and closer international coordination to protect critical infrastructure.
The NPA identified the hacker group MirrorFace, which shares traits with Advanced Persistent Threat 10, or APT10, a group linked to China’s Ministry of State Security. The agency noted that the timing of the cyberattacks frequently coincided with standard working hours in China and excluded Chinese holidays, leading authorities to believe that the Chinese Communist Party (CCP) has been supporting such attacks.
The NPA has observed that these increasing cyberattacks have been carried out in three phases.
The first phase lasted from December 2019 to July 2023. Government entities, think tanks, and the media were primarily targeted, indicating an attempt to sway policy and public sentiment.
The second phase, from February to October 2023, marked a shift toward semiconductors, manufacturing, and academic institutions, focusing on Japan’s technological hub.
The third phase, starting in June 2024, has seen a resurgence in targeting academia, politicians, and the media, reflecting an ongoing effort to influence public discourse and shape policies.
Japan’s 2024 Defense White Paper found that the Chinese military’s cyber warfare unit had emerged from the former Strategic Support Force, which had around 175,000 personnel, including 30,000 dedicated to cyberattacks.
A high-profile target was the Japan Aerospace Exploration Agency (JAXA). Hackers exploited VPN vulnerabilities to break into its Microsoft 365 Cloud service, compromising around 200 employee accounts and exfiltrating over 10,000 files between 2023 and 2024, according to Japanese media.
Among the stolen data were details on JAXA’s Martian Moons Exploration (MMX) mission, part of the agency’s manned lunar program. This raises concerns about China using this information to advance its own Mars endeavors.
With the MMX program set to launch in 2026 and China’s Mars sample return missions slated for around 2028, both nations are racing to achieve historic breakthroughs.
By Sean Tseng and Jon Sun
