MirrorFace: Chinese hacking group linked to cyber attacks on Japan, what is it, what have they done

Watch more of our videos on ShotsTV.com 
and on Freeview 262 or Freely 565
Visit Shots! now
Japanese authorities have linked more than 200 cyber attacks over the past five years to a Chinese hacking group known as MirrorFace.

These attacks, targeting national security and advanced technology data, have raised serious concerns about Japan’s cybersecurity vulnerabilities. Here’s what you need to know about MirrorFace and their activities:

What is MirrorFace and who is involved?

MirrorFace is a hacking group allegedly tied to the Chinese government. According to Japan’s National Police Agency (NPA), the group has systematically conducted cyber attacks on Japanese institutions from 2019 to 2024. These attacks appear to have been aimed at stealing sensitive data related to Japan’s national security and high-tech industries.

Hide Ad
Hide Ad

What have they done?

MirrorFace has been accused of targeting a wide range of Japanese entities, including:

  • Government ministries such as Japan's foreign and defence ministries.
  • Japan Aerospace Exploration Agency (JAXA), which suffered a series of cyber attacks since 2023, though no sensitive rocket or satellite data was compromised.
  • Private companies, think tanks, and individuals like politicians and journalists, especially those involved in advanced technology.

Japanese authorities have linked more than 200 cyber attacks over the past five years to a Chinese hacking group known as MirrorFace.Japanese authorities have linked more than 200 cyber attacks over the past five years to a Chinese hacking group known as MirrorFace.
Japanese authorities have linked more than 200 cyber attacks over the past five years to a Chinese hacking group known as MirrorFace. | Getty Images

The group’s activities included:

  1. Email-based attacks: MirrorFace used phishing emails to target organisations and individuals. These emails often contained malware-laden attachments, designed to steal data from infected computers.The emails frequently referenced topics such as the “Japan-US alliance,” “Taiwan Strait,” “Russia-Ukraine war,” and “free and open Indo-Pacific.” They posed as invitations to study panels, including fake references and panellist lists.
  2. Exploiting VPN vulnerabilities: From February to October 2023, MirrorFace exploited security weaknesses in virtual private networks (VPNs) to gain unauthorised access to information. Targets included sectors like aerospace, semiconductors, and information and communications.
  3. High-profile attacks: JAXA Cyber Attack: A series of attacks on Japan’s space agency, though sensitive information remained safe.Nagoya Port Incident: In 2022, a cyber attack paralysed container terminal operations for three days.Japan Airlines Christmas Attack: On Christmas 2023, Japan Airlines faced a cyber attack, disrupting more than 20 domestic flights. The airline restored systems hours later, with no impact on flight safety.

The NPA has urged government agencies and private businesses to strengthen their cybersecurity measures. Their investigation concluded that MirrorFace’s attacks were systematic and aligned with the interests of the Chinese government.

"The analysis of the targets, methods, and infrastructure of these cyber attacks concluded they were systematic attacks linked to China with an aim of stealing data on Japanese national security and advanced technology," the NPA said.

Related topics:

Comment Guidelines

National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.

Telling news your way
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice