The Japan Aerospace Exploration Agency (JAXA) has fallen victim to a cyberattack during the summer, putting critical space-related technology and data in potential jeopardy.
The security breach came to light in the fall when law enforcement authorities notified JAXA about compromised systems, as reported by The Yomiuri Shimbun. Confirming the breach in a press conference, Chief Cabinet Secretary of Japan Hirokazu Matsuno disclosed that attackers successfully breached the agency’s Active Directory (AD) server. This server plays a pivotal role in overseeing JAXA’s network operations and likely contains crucial information such as employee credentials, significantly amplifying the potential impact of the breach.
In response to the situation, JAXA is collaborating with government cybersecurity experts and law enforcement to conduct an ongoing investigation aimed at determining the full extent of the security compromise.
Although there is no confirmation of a data leak related to the JAXA breach, concerns have been voiced by a JAXA official who stated, “As long as the AD server was hacked, it was very likely that most of the information was visible. This is a very serious situation.”
This cyberattack aligns with a broader trend of cyberespionage targeting JAXA to harvest and steal sensitive information from its servers. Established in 2003, JAXA is Japan’s national aerospace research and development institution, and since 2012, it has been involved in military space development, including the creation of space-based missile early warning systems.
This incident is not the first security breach for JAXA; it faced similar attacks in 2016 and 2017 when nearly 200 Japanese defense-related research institutions and firms experienced a widespread cyber assault. The Japanese Metropolitan Police Department attributed those attacks to a group of Chinese military hackers known as Tick, with aliases BRONZE BUTLER and STALKER PANDA, as revealed in April 2021.