Threat actors behind last year’s cyberattack on the Japan Aerospace Exploration Agency (JAXA) managed to hijack the accounts of approximately five board directors, including the agency’s president, Hiroshi Yamakawa, Japanese news media outlet Asahi Shimbun reported.
Since June 2023, JAXA has been hit with four separate cyberattacks, with the first being particularly damaging. In that incident, personal data belonging to around 5,000 employees from JAXA and its associated companies were stolen—practically everyone whose information was stored on the agency’s network. JAXA’s internal investigation revealed that the hackers commandeered roughly 200 accounts, including those of senior officials and members of JAXA’s leadership team.
Among the compromised accounts were those of five board members, representing over half of the nine-member board at the time. These directors, including the president, had access to critical details about JAXA’s external negotiations, space exploration efforts, and national security initiatives. The hackers also gained control over accounts of senior officials involved in policy and budget affairs.
The investigation further revealed that the threat actors exploited Microsoft cloud services during the June attack. It is estimated that over 10,000 files stored on the platform may have been accessed without authorization. More than 1,000 of those files were provided by external entities, including more than 40 companies and organizations, such as NASA, the European Space Agency, Toyota Motor Corp., Mitsubishi Heavy Industries, and Japan’s Defense Agency.
Many of the exposed files pertained to highly sensitive projects, particularly within JAXA’s Strategic Planning and Management Department, the JAXA Space Exploration Center, and the Human Spaceflight Technology Directorate. The JAXA Space Exploration Center, which plays a vital role in NASA’s Artemis lunar exploration program, was one of the divisions most affected. Toyota, which is collaborating on the development of a manned lunar rover for Artemis, was also heavily impacted, with the largest number of leaked files reportedly related to the automotive giant, according to the report.
Other compromised documents may have contained critical information linked to space exploration and defense technology, including files related to NASA and Mitsubishi Heavy Industries.
In July, JAXA released a preliminary report outlining the extent of the damage caused by the cyberattacks. While officials confirmed the loss of sensitive information, they reported that no significant operational disruptions had occurred at the affected entities.