Japanese space agency spotted zero-day attacks while cleaning up attack on M365

July 11, 2024 at 01:38AM

In late 2023, JAXA’s systems were targeted in a cyberattack that focused on its Active Directory. Microsoft 365 was accessed without authorization, but no further breaches were found with Microsoft’s assistance. Some malware was discovered and removed, and unauthorized access, including zero-day attacks, was detected in 2023. However, no information was compromised, and sensitive information related to launch vehicles and satellite operations was not affected. Multiple strains of malware were used, making detection challenging. JAXA had experienced prior breaches in 2016 and 2012. The 2016 attack had an affiliation with the Chinese Communist Party (CCP).

From the meeting notes, it is clear that the Japanese Space Exploration Agency (JAXA) was targeted in a cyberattack in 2023. The attack involved the use of zero-day exploits and unauthorized access to Microsoft 365 (M365). The incident resulted in the discovery and removal of malware by a party other than Microsoft, leading to concerns about potential data compromise.

Despite the breach, JAXA has indicated that no sensitive information related to launch vehicles and satellite operations was compromised, nor was there a significant impact on cooperation with domestic and international partners.

The attack exploited a VPN vulnerability to gain initial access to JAXA’s internal servers and computers. The attackers then compromised user account information, which was used to access Microsoft 365 services. It was noted that the agency had been targeted in previous cyberattacks in 2016 and 2012.

Given the complexity of the attack and the involvement of unknown strains of malware, it was challenging to detect the unauthorized access. The 2023 attack has not yet been attributed to a specific individual or organization.

Overall, the meeting notes highlight the need for continued vigilance and strengthening of cyber defense measures within JAXA to mitigate the risk of future cyber incidents.
