Photo/Illutration The Japan Aerospace Exploration Agency said no sensitive information about national security or rocket technologies was compromised in last year’s cyberattack. (Asahi Shimbun file photo)

A series of cyberattacks on the Japan Aerospace Exploration Agency resulted in a mass data leak of more than 10,000 files that includes classified material.

Attacks occurred in June 2023 and multiple times a year, although investigations are ongoing regarding whether more information was stolen in this year's attacks.

In addition to internal data, potentially compromised entities include NASA, Toyota Motor Corp., Mitsubishi Heavy Industries Ltd. and the Defense Ministry, with which JAXA has nondisclosure agreements.

Information from numerous aerospace and defense-related organizations and companies was also exposed. 

JAXA stated that no sensitive information related to national security or rocket technologies was stolen in last year's breach.

Personal data of approximately 5,000 JAXA personnel and employees from partner companies was used to access the Microsoft 365 accounts of JAXA executives.

An external investigation, commissioned by JAXA, points to the involvement of a Chinese hacker group based on intrusion traces and other evidence.

The agency did not realize it had been infiltrated until police and other authorities contacted JAXA four months after the initial attack in 2023. Their countermeasures included introducing new security equipment.

In all cases, hackers exploited vulnerabilities in their VPNs (virtual private networks) that connect the external internet to encrypted private networks. Specifically, research networks within JAXA's Chofu Aerospace Center in western Tokyo and their business networks were compromised.

The agency emphasized that networks used for rocket launches and transportation are separate from their business networks.

Science minister Masahito Moriyama on June 21 acknowledged the JAXA data breach but said no sensitive rocket or satellite launch information was leaked.

Chief Cabinet Secretary Yoshimasa Hayashi said on the same day that the incidents are being investigated by government offices, including the National Center of Incident Readiness and Strategy for Cybersecurity. 

"We will work to strengthen our country's cybersecurity in the increasingly complex cyberspace," Hayashi said. 

It is believed that hackers purposefully targeted JAXA in this series of attacks. The agency has reported the incidents to the science and technology ministry and the government's Personal Information Protection Commission. 

JAXA also experienced cyberattacks in 2013 and 2016. The National Police Agency attributed the 2016 incident to a Chinese hacker group.

Related News