Japan's National Center of Incident Readiness and Strategy for Cybersecurity was reportedly suspected to be compromised by Chinese state-sponsored threat actors, reports The Record, a news site by cybersecurity firm Recorded Future.
Aside from confirming earlier this month that its email exchanges were compromised following an email system hack that began last October, NISC has not provided more details regarding the intrusion, with the attribution to Chinese hackers made by government and private sector sources cited by the Financial Times. China was also noted in the same Financial Times report to have been behind the cyberattack against the Port of Nagoya, the country's largest port, last month.
Such a development comes just weeks after the Washington Post reported that Japan's defense networks were discovered by the U.S. National Security Agency to have been compromised by Chinese hackers over the past three years. China has rejected allegations of attacks against Japan, which it then attributed to the U.S.
There has been no evidence that individuals with the Biden campaign responded to the unsolicited emails, according to the agencies, which noted that U.S. media organizations have also been provided with Trump campaign-related information by the hackers.
After establishing trust with targets via spear-phishing emails purporting to be job openings for senior-/manager-level employees in high-profile companies, UNC2970 proceeded to deliver a malicious ZIP file masquerading as a job description, an analysis from Google Cloud's Mandiant revealed.
More than 260,000 devices have been part of the Mirai-based botnet, which has been controlled by the Integrity Technology Group using IP addresses of the China Unicom Beijing Province Network, most of which were from the U.S.