The Asahi Shimbun

A Chinese group that has been accused by the U.S. government in a series of cybertheft cases around the world is now suspected in the 2016 hacking of the computer system used by Keidanren (Japan Business Federation).

Keidanren officials announced in November 2016 that 23 computers used in the federation's system had been infected with a virus. However, no details were released about what hacking group might have been behind the cyberattack.

The types of computer viruses used in the Keidanren attack, as well as the external computer addresses to which information was secretly transmitted, were very similar to those that have turned up in a separate report compiled by a number of British entities.

The report said that a Chinese hacking group identified as Advanced Persistent Threat (APT) 10 was responsible for "systematically targeting Japanese organizations."

While the report said APT10 had infiltrated the computer systems of the Foreign Ministry, the ruling Liberal Democratic Party and the Japan International Cooperation Agency, no mention was made of the Keidanren attack.

Keidanren's computer server contained important documents, including communications with government officials as well as various policy proposals made by Japan's largest business group. While there is the strong possibility some of those documents were transmitted to external computers, it has not been determined if any information was stolen from Keidanren's computer system.

The report, released in April 2017, was compiled by the British defense company BAE Systems, the major consulting firm PwC as well as the British National Cyber Security Center.

The report was used in part by the U.S. Justice Department when, in December, it indicted two Chinese individuals with alleged connections to APT10. The indictment charges that the two hackers stole huge amounts of information from about 45 companies and research institutes in the United States since 2006.

The Justice Department claimed that APT10 worked closely with China's State Security Ministry.

The Japanese government issued a statement at that time criticizing the cyberattacks by APT10, but no details were released about possible victims in Japan.

According to internal documents obtained by The Asahi Shimbun as well as information provided by sources, the cyberattack on the Keidanren computer system was a calculated and time-consuming endeavor.

The system had been infected for more than two years before the official announcement was made in November 2016 about the network break-in.

A single, seemingly innocent e-mail received on July 1, 2014, by Keidanren's International Cooperation Bureau triggered the extensive cyberattack.

The e-mail came from an organization involved in bilateral relations with China, one with which Keidanren officials often worked.

Because there was nothing outwardly suspicious about the e-mail, a Keidanren staff member not only opened the e-mail, but also an attached file that had a list of names. But that attachment also contained a computer virus that breached the computer security system in place.

Two days later, another virus that allowed for the computer system to be remotely controlled was sent into the Keidanren system.

The initial e-mail was sent by a hacker posing as an employee of the organization. It was later learned that the computer system of that organization had also been hacked earlier and the e-mail account of the employee compromised.

The computer virus injected into the Keidanren system slowly spread and two months later it had infected a computer server where various documents were stored and shared by those with access to the system.

Once the virus was in that computer server, transmissions began with a computer server of a telecommunications company based in China's Guangdong province.

It wasn't until early October 2016 that Keidanren officials were informed by the company overseeing its computer system that suspicious transmissions had been uncovered.

According to sources, there were traces of external access to all kinds of computer files stored on Keidanren's computer servers. An investigation also found that a different computer virus had been used to infect the computer used by a high-ranking Keidanren official. A program was found on that computer that could select and compress the content of e-mails.

Keidanren eventually paid several hundreds of millions of yen to replace its computer system.

One official knowledgeable about what occurred at the time said, "If genuine data is sent from an organization and an individual that actually exists, the e-mail will be opened without the slightest suspicion. It was an extremely advanced cyberattack that demonstrated the thorough preparations made by the hacker."

Kevin Mandia, chief executive officer of the U.S. cybersecurity company FireEye Inc., has said that Chinese hacking groups are very disciplined and will continue with repeated attacks until their objective has been met. He added that such groups never disclose any of the huge volume of information that they have stolen.

The April 2017 British report contains information that allows a possible attack by APT10 to be confirmed. That information was used to confirm the computer addresses to which information was transmitted by the computer virus used in the Keidanren attack.

However, it is still rare for Japanese entities to share such information about cyberattacks.

Hiroshi Ito, chief technology officer of the Japanese subsidiary of FireEye, said there was still a mind-set in Japan that disclosing damage from a cyberattack would create a scandal and place the company in a negative light. He also pointed to the lack of a concerted effort by government agencies and business organizations to work together to share information about such attacks.

But at the same time, he also pointed to the revision of the cybersecurity basic law, which passed in December.

"I hope the central government will work to improve this situation by serving as the proponent for creating a framework to share information that cuts across business organization lines," Ito said.