• Kyodo, Bloomberg


China’s military is thought to have instructed a hacker group to conduct cyberattacks on nearly 200 companies and research institutes in Japan, including the Japan Aerospace Exploration Agency, investigative sources said Tuesday.

Tokyo police referred a Chinese man, who is a member of the Chinese Communist Party, to prosecutors Tuesday over his alleged involvement in the cyberattacks, they said.

It is believed that the series of hacks were conducted by "Tick," a Chinese cyberespionage group, under the direction of China's People's Liberation Army, according to the sources.

The man — who is in his 30s and was a system engineer in Japan at the time but has since left the country — is suspected of using a fake ID to gain access to a rental server to launch the cyberattacks, the sources said.

Tick later purchased his fake ID online to access the server, they said.

The allegations, the latest in a series of similar incidents, come amid increasingly difficult relations between Japan and its biggest trading partner. The topic of ties with China dominated the agenda at Prime Minister Yoshihide Suga’s summit with U.S. President Joe Biden in Washington last week.

China’s Foreign Ministry did not immediately respond to a request for comment.

One of the targets, JAXA, said they had confirmed illegal access in 2016, but that there was no information leak or data alteration.

While stopping short of specifically commenting on the investigations, Japan's top government spokesman, Chief Cabinet Secretary Katsunobu Kato, called for relevant entities to "seriously respond" to ensure cybersecurity.

"Cyberattacks against government organizations and critical infrastructure have become more organized and advanced, and the government recognizes that responding to such attacks are critical issues," Kato said in a news conference.

While investigating the cyberattacks, the Tokyo Metropolitan Police Department had identified the Chinese Communist Party member and a former Chinese male student as having signed contracts to rent servers.

The student, who has left Japan, also allegedly used a fake ID that was later bought by Tick.

When the two were questioned before leaving Japan, investigators also found that the student was receiving orders from a cyberattack unit within the PLA, according to the sources.

Unit 61419, located in the eastern Chinese city of Qingdao, Shandong Province, is responsible for cyberattacks on Japan and South Korea, the sources said.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.