Japan aerospace agency provides details of October data breach

The phrase “may have been” signals that JAXA officials are still not certain what was and was not accessed. The agency also shared a cryptic comment: “In the course of taking the above measures and strengthening monitoring, we have detected and responded to multiple unauthorized accesses to JAXA’s network since January of this year—including zero-day attacks—though no information was compromised,” the statement said. This reveals that JAXA has been hit again since the initial attack, but that the agency believes it successfully fought off the subsequent attacks and prevented further data leakage.

JAXA has not said who the attackers were, but most cybersecurity observers are pointing the finger at state actors working for China.

“The fact that a space agency was targeted with a sophisticated complex attack indicates a state actor with goals to compromise data, not just gather intelligence or send a political message, with the lead suspect being a China-affiliated cyber security private company of some sort,” said Irina Tsukerman, a geopolitical analyst and the president of Scarab Rising, a global strategy advisory firm. “Such an attack is likely the work of either a state-backed independent hacker, possibly part of an intelligence gathering gang, whose methods could potentially be analyzed and compared to prior such attacks, or it could be attributed to a private cybersecurity company, most likely affiliated with China, in which case prior incidents could be harder to detect. The most interesting detail was the description of the attack and the fact that the attacker used several different types of malware and nevertheless went undetected. It indicates an unusually persistent and planned long-term attack with an unusual level of complexity and stealth.”