Japan's Ground Self-Defense Force accidentally used fake USB drives infected with malware linked to a Chinese hacking group, according to a Nikkei report. The devices were connected to military computers, including some on classified networks, before the infection was discovered.
The fake USB drives were reportedly handed to soldiers during earthquake relief efforts in March 2024. The malware was not found until February 2025, after a soldier noticed a computer running slowly. An investigation found that six of the eight USB drives were infected and had been connected to more than 50 computers.
Japanese officials said the malware did not steal data or spread across military systems, describing it as an older type of malware that only copied itself.
The incident was not made public for almost a year. Japan is now reviewing its security procedures and informing NATO partners about the possible exposure of sensitive military networks, the publication said.