December 1, 2023 at 02:22PM
Japan’s space agency, JAXA, suffered a cyberattack this past summer through a Microsoft Active Directory breach, potentially exposing sensitive data. Nation-state hackers are suspected given past incidents involving Chinese military hackers. JAXA is investigating the breach’s scope and has partially shut down its network.
**Takeaways from Meeting Notes:**
1. Incident Disclosure:
– JAXA experienced a cyber incident this past summer involving a breach of Microsoft Active Directory.
– Chief cabinet secretary Hirokazu Matsuno briefed on the incident on the morning of November 29.
– Initial investigations confirm illegal access to JAXA’s network.
2. Implications of the Breach:
– The breach occurred in JAXA’s Active Directory server, which is critical for network access control and admin credentials.
– Officials suggest that the breach likely exposed a majority of JAXA’s information.
– The seriousness of the situation is acknowledged, with many details still unconfirmed.
3. Context of Previous Breaches:
– Microsoft Active Directory and related components have been compromised in the past.
– Similar incidents: a Microsoft 365 breach through vulnerabilities and the misuse of a stolen Microsoft account key, leading to unauthorized access token creation.
– U.S. Senator Ron Wyden pressed for Microsoft’s accountability after these events.
4. Suspicions of State-Sponsored Involvement:
– The breach at JAXA is suspected to be the work of state-sponsored actors due to its characteristics.
– Past incidents involved Chinese military hackers targeting Japanese entities.
– The sophistication and timing of the breach, along with JAXA’s involvement in sensitive space technologies, suggest strategic motives.
5. JAXA’s Response:
– JAXA has partially shut down its network operations to contain the breach.
– A full-scale investigation is underway to assess the breach’s scope and impact.
– The agency is coordinating with the central government and law enforcement agencies.
**Immediate Actions:**
– JAXA must complete the ongoing investigation and take necessary measures to secure its network.
– It should review and enhance cybersecurity practices to prevent future incidents.
– Cooperation with governmental and police authorities should continue, potentially including international collaboration if state-sponsored actors are confirmed.