
Targeting Ordinary Households…Why the National Police Agency Named “BlackTech,” a Cyber Attack Group Involved with the Chinese Government


Yu Inamura

The National Police Agency, together with the U.S. National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS), has issued a public alert stating that “BlackTech,” a cyber attack group with Chinese government involvement, has launched attacks against governments and businesses in East Asia, including Japan and Taiwan, and in the United States.

NPA Names Cyber Attack Group Involved with the Chinese Government

The method of naming used this time is called “public attribution,” and this is the sixth case in Japan.
Public attribution refers to identifying the perpetrators of cyber attacks and the organizations and nations behind them, and then having the state announce the findings in a statement that includes warnings.
The aim is to deter attacks by naming the perpetrators and to prevent damage by disclosing their modus operandi, since cyber attacks themselves are highly anonymous and the perpetrators are likely to deny involvement.
According to materials released by the National Institute for Defense Studies, “Since 2017, public attribution of cyberattacks with suspected state involvement has expanded beyond the U.S. government, which has been the main country conducting such attribution, and has become more likely to be conducted in the form of cooperation among like-minded countries.”
The first such case was the December 2017 announcement by the Five Eyes countries (the United States, the United Kingdom, Canada, Australia, and New Zealand), Japan, and Denmark regarding the WannaCry ransomware, a public attribution in which they named the attacker, known as the Lazarus Group, and blamed the North Korean government as its backer.
Public attribution is actively publicized, especially by the Five Eyes, but the participating countries vary depending on the identity of the attacker, as does the method of coordination, such as “official statements of condemnation” or “statements of support.”
For example, if the attack involves China, Japan will participate, and if Russia is involved, Poland, Estonia, and other Baltic countries will participate, but the method of coordination and the participating countries will vary depending on the political situation.

What is BlackTech?

“BlackTech” has reportedly been conducting cyber attacks since around 2010, aimed at stealing sensitive information in the telecommunications domain in East Asia, including Japan, and the United States, with a focus on Taiwan.
In the past, it is said to have been involved in a cyber attack on Mitsubishi Electric Corporation that occurred in 2019.
In this incident, confidential information related to defense, electric power, and other critical infrastructure was targeted, and according to the Ministry of Defense, there are approximately 20,000 data files of defense-related information that may have been leaked, 59 of which are known to have potential security implications.

General Households Also Targeted

According to the National Police Agency, the main method of BlackTech is to break into a company’s internal network through the router of an affiliated company, such as an overseas subsidiary, and then break into the company’s headquarters or other offices to steal confidential information.
In the recent Mitsubishi Electric incident, it is believed that the intrusion route was from an affiliated company in China to Mitsubishi Electric’s Chinese subsidiary and then to Mitsubishi Electric’s internal network in Japan.
In addition, it is said that routers in ordinary homes are sometimes used as a transit point. In fact, in March of this year, the Metropolitan Police Department issued an “Alert on Unauthorized Use of Home Routers,” stating that cyber attackers were making use of routers used in ordinary homes by illegally manipulating them from the outside.
The Metropolitan Police Department has requested that users “change simple IDs and passwords in the default settings,” “always use the latest firmware,” “consider replacing routers that are no longer supported,” and “regularly check for changes in settings that you do not recognize.” Otherwise, you could be complicit in a cyber attack.
Cyber attacks may seem unrealistic and even irrelevant to us, but they are a real threat. Our indifference to the situation in which Japan finds itself is a crisis in itself.
Written by Yu Inamura, President of the Japan Counter Intelligence Association
