Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting tech data
Japan on Wednesday linked more than 200 cyberattacks over the past five years targeting the country's national security and high technology data to a Chinese hacking group, MirrorFace, detailing their tactics and calling on government agencies and businesses to reinforce preventive measures.
The National Police Agency said its analysis on the targets, methods and infrastructure of the cyberattacks by MirrorFace from 2019 to 2024 concluded they were systematic attacks linked to China with an aim of stealing data on Japanese national security and advanced technology.
The targets of the Chinese government-led cyberattacks included Japan's Foreign and Defense ministries, the country's space agency and individuals including politicians, journalists, private companies and think tanks related to advanced technology, the NPA said.
Experts have repeatedly raised concerns about the vulnerability of Japan’s cybersecurity, especially as the country steps up its defense capabilities and works more closely with the United States and other partners to strengthen cyber defenses. Japan has taken steps but experts say more work is needed.
MirrorFace sent emails with malware-laden attachments to targeted organizations and individuals, mainly from December 2019 to July 2023, in order to access data stored on their computers; the messages were often sent from Gmail and Microsoft Outlook addresses set up under stolen identities, the NPA investigation found.
The emails typically used as subjects key words such as “Japan-U.S. alliance,” “Taiwan Strait,” “Russia-Ukraine war” and “free and open Indo-Pacific,” and included an invitation for a study panel, references and a list of panelists, the NPA said.
In another tactic, the hackers targeted Japanese organizations in areas of aerospace, semiconductors, information and communications from February to October 2023 by exploiting vulnerabilities in virtual private networks to gain unauthorized access to information.
The attacks included one on the Japan Aerospace Exploration Agency, or JAXA, which acknowledged in June that it had suffered a series of cyberattacks since 2023, though sensitive information related to rockets, satellites and defense was not affected. The agency said it was investigating in order to take preventive measures.
Last year, a cyberattack paralyzed operations at a container terminal at a port in the city of Nagoya for three days.
More recently, Japan Airlines was hit by a cyberattack on Christmas, causing delays and cancellations to more than 20 domestic flights, though the carrier was able to stop the onslaught and restore its systems hours later and there was no impact on flight safety.
Ukraine hit by more cyberattacks, destructive malware
Ukraine’s parliament and other government and banking websites were hit with another punishing wave of distributed-denial-of-service attacks Wednesday, and cybersecurity researchers said unidentified attackers had also infected hundreds of computers with destructive malware.
Some of the infected computers were in neighboring Latvia and Lithuania, the researchers said.
Early Thursday local time in Ukraine, as fears of a Russian invasion heightened, the foreign ministry and council of ministers were unreachable and other sites were slow to load, suggesting the DDoS attacks were continuing, though there was no official confirmation.
Officials have long expected cyber attacks to precede and accompany any Russian military incursion, and analysts said the activity hewed to Russia’s playbook of wedding cyber operations with real-world aggression.
ESET Research Labs said it detected a previously unseen piece of data-wiping malware Wednesday on “hundreds of machines in the country.” It was not clear how many networks were affected.
“With regards whether the malware was successful in its wiping capability, we assume that this indeed was the case and affected machines were wiped,” said ESET research chief Jean-Ian Boutin. He would not name the targets but said they were “large organizations.” ESET was unable to say who was responsible.
Symantec Threat Intelligence detected three organizations hit by the wiper malware — Ukrainian government contractors in Latvia and Lithuania and a financial institution in Ukraine, said Vikram Thakur, its technical director. Both countries are NATO members.
“The attackers have gone after these targets without much caring for where they may be physically located,” he said.
All three targets had “close affiliation with the government of Ukraine,” said Thakur, saying Symantec believed the attacks were “highly targeted.” He said roughly 50 computers at the financial outfit were impacted, some with data wiped.
Asked about the wiper attack, senior Ukrainian cyber defense official Victor Zhora had no comment.
Boutin said the malware’s timestamp indicated it was created in late December.
“Russia likely has been planning this for months, so it is hard to say how many organizations or agencies have been backdoored in preparation for these attacks,” said Chester Wisniewski, principal research scientist at the cybersecurity firm Sophos. He guessed the Kremlin intended with the malware to “send the message that they have compromised a significant amount of Ukrainian infrastructure and these are just little morsels to show how ubiquitous their penetration is.”
Word of the wiper follows a mid-January attack, which Ukrainian officials blamed on Russia, in which the defacement of some 70 government websites was used to mask intrusions into government networks; at least two servers were damaged with wiper malware masquerading as ransomware.
Thakur said it was too early to say if the malware attack discovered Wednesday was as serious as the variety that damaged servers in January.
Cyberattacks have been a key tool of Russian aggression in Ukraine since before 2014, when the Kremlin annexed Crimea and hackers tried to thwart elections. They were also used against Estonia in 2007 and Georgia in 2008.
Distributed-denial-of-service attacks are among the least impactful because they don’t entail network intrusion. Such attacks barrage websites with junk traffic so they become unreachable.
The DDoS targets Wednesday included the defense and foreign ministries, the Council of Ministers and Privatbank, the country’s largest commercial bank. Many of the same sites were similarly knocked offline Feb. 13-14 in DDoS attacks that the U.S. and U.K. governments quickly blamed on Russia’s GRU military intelligence agency.
Wednesday’s DDoS attacks appeared less impactful than the earlier onslaught — with targeted sites soon reachable again — as emergency responders blunted them. Zhora’s office, Ukraine’s information protection agency, said responders switched to a different DDoS protection service provider.
Doug Madory, director of internet analysis at the network management firm Kentik Inc., recorded two attack waves each lasting more than an hour.
A spokesman for California-based Cloudflare, which provides services to some of the targeted sites, said DDoS attacks in Ukraine have been sporadic and on the rise in the past month but “relatively modest compared to large DDoS attacks we’ve handled in the past.”
The West blames Russia’s GRU for some of the most damaging cyberattacks on record, including a pair in 2015 and 2016 that briefly knocked out parts of Ukraine’s power grid and the NotPetya “wiper” virus of 2017, which caused more than $10 billion of damage globally by infecting companies that do business in Ukraine with malware seeded through a tax preparation software update.
The wiper malware detected in Ukraine this year has so far been manually activated, as opposed to a worm like NotPetya, which can spread out of control across borders.