Japanese authorities have identified over 200 cyberattacks targeting national security and advanced technologies over the past five years, attributing them to the Chinese-linked hacking group “MirrorFace” (also known as Earth Kasha).
These attacks, which began in 2019, have raised significant concerns about Japan’s cybersecurity readiness and its ability to protect sensitive information.
MirrorFace’s Tactics and Targets
According to the post from HackManac, MirrorFace employs sophisticated spear-phishing campaigns to infiltrate its targets.

The group has been observed using malware-laden emails disguised as legitimate communications from trusted entities, such as political parties or professional organizations.
These emails often contain malicious attachments or links that deploy backdoor malware like LODEINFO, ANEL, and NOOPDOOR, enabling attackers to steal credentials, exfiltrate sensitive files, and execute commands on compromised systems.
The group’s primary targets include Japanese government ministries (such as Foreign Affairs and Defense), space exploration agencies, think tanks, private enterprises involved in advanced technology research, and even individual politicians and journalists.
Recent campaigns have also focused on topics of geopolitical sensitivity, such as Japan-China relations and the Russia-Ukraine conflict.
Links to China and State-Sponsored Operations
Investigations by the National Police Agency (NPA) and other Japanese authorities suggest that MirrorFace operates as part of a broader state-sponsored effort linked to China.
This conclusion is based on the group’s focus on acquiring information critical to Japan’s national security and technological advancements.
MirrorFace’s activities share similarities with other Chinese advanced persistent threat (APT) groups like APT10 (also known as Stone Panda), which have a history of targeting Japanese entities.
The use of advanced malware exclusive to MirrorFace further underscores its specialized capabilities. For example, LODEINFO has been described as a “flagship backdoor” used solely by this group.
Additionally, MirrorFace has revived older malware like ANEL for specific campaigns, demonstrating its adaptability and resourcefulness.
Japan’s Response and Cybersecurity Challenges
Japan has been ramping up its cybersecurity efforts in response to these persistent threats.
The government has implemented measures such as increasing cyber personnel, leveraging artificial intelligence for threat analysis, and integrating cybersecurity considerations into broader defense strategies.
However, experts argue that Japan still lags in developing a comprehensive cyber defense framework tailored specifically to counter state-sponsored attacks.
The NPA has urged governmental bodies and private organizations to strengthen their cybersecurity defenses by adopting proactive measures such as employee training, regular system audits, and advanced threat detection technologies.
Despite these efforts, challenges remain, particularly for small and medium-sized enterprises that often lack the resources to implement robust security measures.
As Japan continues its digital transformation journey, the need for intrinsic security measures built into systems from the outset becomes increasingly critical.
Collaboration with international allies like the United States may also play a pivotal role in enhancing Japan’s cyber resilience.
The ongoing activities of MirrorFace highlight the growing threat posed by state-sponsored cyberattacks.
For Japan, addressing these vulnerabilities is not just a matter of protecting sensitive data but also safeguarding national security in an increasingly interconnected world.
Also Read: