As Incidents Rise, Japanese Government's Cybersecurity Falls Short - Dark Reading
The Japanese government suffered the most cybersecurity incidents in 2024 — 447, nearly double the previous year — while failing to manage 16% of critical systems.

Robert Lemos, Contributing Writer
September 23, 2025

Japan faces increased cyberattacks from nation-state actors and cybercriminals, but has fallen behind in managing the cybersecurity of critical government systems, according to reports.

Earlier this month, Japan's Board of Audit identified 58 critical systems at a dozen government agencies that lacked appropriate security controls and management, according to the group's latest report. The findings come as the Japanese government faces increased cyberattacks, with at least 447 cybersecurity incidents reported in 2024, more than double the previous year, according to data cited by online news site Nikkei Asia.

While Japan's commercial industries are targeted by ransomware and info-stealers, the government continues to find itself the focus of cyber-espionage attacks and cyber-physical attacks on critical infrastructure. The extended MirrorFace campaign, for example, has likely led to critical data loss, says Jon Clay, senior threat researcher at cybersecurity firm Trend Micro.

"Japan is friendly with the United States and, as such, is a target for nation-states, especially China, who performs cyber espionage and intelligence gathering attacks against them," he says. "We've seen a number of Chinese APT groups as well as DPRK [North Korea]-based Lazarus Group targeting Japan."

From massive spam campaigns to Chinese groups targeting a critical flaw in Ivanti Connect Secure products to North Korea trying to embed IT workers in Japanese firms, the threat landscape facing Japan has grown significantly and comes at a time when the country is aiming to take a greater role in securing the regional Internet. A year ago, for example, the US, Japan, and the Philippines inked an agreement to share cybersecurity threat data, following China's Volt Typhoon attacks on critical infrastructure — and later the Salt Typhoon attacks on telecommunications. And earlier this year, Japanese lawmakers passed the Active Cyber Defense Bill to allow law enforcement to respond with active measures — such as shutting down servers — against foreign attacks.

Stronger Offense, Weaker Defense?

Following Japan's creation of cybersecurity standards, the nation's Board of Audit periodically reviews critical systems responsible for delivering government services. The Board of Audit found that 58 of the 356 critical systems were not maintained according to the cybersecurity standards. In addition, the board found that the responsible ministries had no business continuity plans in place for 259 of the systems (73%).

The Board of Audit is not the only group to find security holes in Japanese systems. Earlier this year, cyberattackers targeted a vulnerability in the PHP Common Gateway Interface (CGI) implementation on Microsoft Windows systems in Japan to install Cobalt Strike reverse proxies on compromised systems, Cisco's Talos threat-intelligence group stated in a March analysis.

"We found that the attacker predominantly targets organizations in Japan across various business verticals, including technology, telecommunications, entertainment, education, and ecommerce, based on our analysis of command and control (C2) server artefacts," the analysis stated.

At the same time, Japan is ramping up its offensive capabilities, passing the Active Cyber Defense Law in May, "marking a pivotal shift in the country's cybersecurity strategy," according to an analysis by the Center for Cybersecurity Policy and Law. The law requires that critical infrastructure operators report cybersecurity incidents to the government and gives the government the ability to intercept foreign Internet traffic.

The law also "empowers government agencies, under strict oversight, to monitor and respond to suspicious cyber activities before they cause harm," the analysis stated. A planned Cyber Council will act as a hub between government agencies and private partners.

Greater Tensions, More Cyberattacks

Japan is racing to establish a strong cyber defense as it faces greater threats. Trend Micro, for example, sees a number of Chinese and North Korean threat actors, such as the Lazarus Group, targeting Japan for its alliance with the US and Western-aligned nations, while the country's robust economy tends to attract cybercriminals.

In March, Japan's telecom giant NTT Communications suffered a breach that compromised data on 18,000 companies and an unknown number of individuals. Meanwhile, the government has faced a five-year campaign, known as MirrorFace, that has attempted to steal information, exploit vulnerabilities, and phish credentials from policy experts, politicians, and academics.

Japan's security organizations, like others, need to eschew a siloed focus on products and services and instead look to improve visibility into the entire attack chain while backstopping their capabilities with advanced automation and AI capabilities, Trend Micro's Clay says.

"Governments and businesses have to shift how they look at implementing cybersecurity," he says. "Adopting a more proactive approach ... can help these organizations get a more detailed look at their entire attack surface."

About the Author

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.