Summary: Russian threat actors have launched a series of DDoS attacks against various Japanese websites in response to upcoming military exercises between Japan and the U.S. The attacks targeted political parties, major manufacturers, and local government sites, disrupting services significantly.
Threat Actor: NoName057(16) | NoName057(16)
Victim: Japan | Japan
Key Point :
- Russian actors executed DDoS attacks on a dozen Japanese websites, including the Liberal Democratic Party and various business groups.
- The attacks coincided with Japan’s military exercises with the U.S., which Russia publicly protested.
- Cybersecurity firm Netscout reported that the attacks utilized multiple direct-path DDoS vectors from various networks.
- This is part of a broader pattern of cyber retaliation by Russian hackers against Japan for its support of Ukraine.
Cyberwarfare / Nation-State Attacks
,
DDoS Protection
,
Fraud Management & Cybercrime
Russian Actors Disrupt Websites of Political Party, Business and Government Groups
Plans by Japan and U.S. to conduct military exercises near the coast of eastern Russia prompted Russia-linked threat actors to unleash a series of denial-of-service attacks this week against a dozen websites in Japan including the majority political party, major manufacturers, business groups and local governments.
See Also: 2024 CISO Insights: Navigating the Cybersecurity Maelstrom
The DDoS attacks began shortly after Russia protested Japan’s military exercise with the U.S. military, Operation Keen Sword 25, which is scheduled Oct. 23 and Nov. 1. Japanese news agency Asahi Shimbun reported Thursday that multiple websites went down from DDoS attacks launched from overseas.
The Yamanashi prefectural government’s website reportedly faced 6.2 million visits from 69 countries Wednesday afternoon, stalling it for close to five hours. The website for the Liberal Democratic Party, led by Prime Minister Abe Shinzo, went down for about six hours on Wednesday. Other targeted organizations include the Federation of Bar Associations of Japan, Japan Chamber of Commerce and Industry, Japan Automobile Importers Association, Kawasaki Heavy Industries, the International Economic Exchange Fund, Japan Shipbuilders Association and the Japan Institute of Distribution Economics.
A threat actor using the name “NoName057(16)” took responsibility for the attacks, saying that Japan’s military operations near the Russian border could not go unanswered.
“We punish Russophobic Japan and remind that any measures directed against Russia can end badly,” the threat actor wrote on X.
According to cybersecurity company Netscout, the DDoS attacks primarily targeted Japanese shipbuilding and logistics companies, followed by government, political and social organizations.
“Multiple non-spoofed, direct-path DDoS attack vectors were utilized, primarily originating from well-known nuisance networks, as well as cloud provider and VPN networks. The attack campaign is ongoing, and the hacktivists continue to push new targets to their DDoSia botnet,” the firm added.
Tokyo-based Sasakawa Peace Foundation said Russian actors carried out a similar campaign in June after Japan supported a G7 proposal to use earning from frozen Russian assets to secure a $50 billion loan in favor of Ukraine. Russian hackers targeted the websites of the Ministry of Internal Affairs and Communications, the Ministry of Land, Infrastructure, Transport and Tourism, and the Japan Housing Finance Agency, and others.
In February, during the Japan-Ukraine Conference for Promotion of Economic Growth and Reconstruction, Russian hackers targeted the websites of the House of Representatives, the Japan Securities Dealers Association, the Japan Automobile Manufacturers Association, and several leading Japanese companies.
Source: https://www.bankinfosecurity.com/military-exercises-trigger-russian-ddos-attacks-on-japan-a-26561