Chinese hackers were lurking in Japan’s NISC networks for months

Chinese hackers were lurking in Japan’s NISC networks for months

Chinese hackers for nine months had undetected access to the networks of Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), Financial Times reported, citing government and private sector sources.

According to people familiar with the situation, the intrusion started in the autumn of 2022 and lasted until June of this year.

In early August, Japan’s cybersecurity center admitted it suffered a security breach, which saw some personal data linked to email exchanges between October last year and June stolen. The leak came to light on June 13, when the agency detected unauthorized access to its systems.

NISC said at the time that the attackers likely exploited a zero-day vulnerability to gain access to the systems, but didn’t share any technical details regarding said flaw. Following the hack, the agency replaced the affected equipment and reported the breach to the relevant authorities.

An investigation conducted by NISC determined that only information on its email system was compromised, according to FT. It is suspected that a China-linked threat actor was behind the intrusion.

For its part, China’s foreign affairs ministry dismissed claims that the country was behind the attack.

Earlier this month, reports emerged that Chinese nation-state hackers had breached Japan's classified defense network in 2020. The intruders had deep, persistent access and appeared to be after anything they could get their hands on — plans, capabilities, and assessments of military shortcomings.


Back to the list

Latest Posts

Chinese state-backed hackers using Google Calendar for cyberespionage

Chinese state-backed hackers using Google Calendar for cyberespionage

The attack chain begins with spear-phishing emails containing a ZIP archive hosted on the compromised site.
29 May 2025
Over 9,000 ASUS routers compromised in nation-state-like AyySSHush botnet campaign

Over 9,000 ASUS routers compromised in nation-state-like AyySSHush botnet campaign

The attackers reportedly use a mix of brute-force login attempts, authentication bypasses, and old bugs to gain persistent access.
29 May 2025
DragonForce ransomware breaches MSPs via recently patched SimpleHelp flaws

DragonForce ransomware breaches MSPs via recently patched SimpleHelp flaws

After breaching the MSP, the attackers utilized SimpleHelp to gather intelligence across client environments.
28 May 2025