The Japanese government has issued a warning, accusing a Chinese hacking group known as MirrorFace of conducting a years-long campaign of cyber attacks against dozens of government organizations, companies, and individuals in the country. The alert, published on Wednesday, attributes the hacking spree to MirrorFace, which is suspected to be linked to China.

According to the National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity, the primary objective of the MirrorFace attack campaign is to steal information related to Japan's national security and advanced technology. The targets of the campaign include Japan's Foreign and Defense ministries, the country's space agency, politicians, journalists, private companies, and tech think tanks.

The hacking campaign, which began in 2019, has used spearphishing emails containing malicious attachments to target individuals and organizations. In three separate campaigns, MirrorFace sent emails to individuals working for think tanks, active and retired politicians, and journalists, as well as companies in the semiconductor, manufacturing, information and communications, academic, and aerospace sectors. A third campaign, which started around June 2024, targeted academics, think tanks, politicians, and the media in Japan.

This is not the first time MirrorFace has been linked to cyber attacks in Japan. In 2022, cybersecurity firm ESET published research detailing a spearphishing email campaign carried out by MirrorFace that targeted Japanese political entities and specific politicians ahead of elections in the country. At the time, ESET said MirrorFace did not appear to be linked to other known Chinese government hacking groups.

Japan's limited capabilities in cyberspace have been attributed to its pacifist constitution, which experts argue has hindered the country's ability to respond to cyber threats. In 2023, The Washington Post reported that the U.S. National Security Agency discovered in 2020 that Chinese military hackers had compromised some of the most sensitive classified defense networks in Japan.

The Japanese government's warning highlights the ongoing threat of cyber attacks to national security and advanced technology. As Japan continues to grapple with the implications of the MirrorFace hacking campaign, it remains to be seen how the country will respond to this threat and strengthen its cybersecurity capabilities.

The incident also raises concerns about the role of nation-states in cyber attacks and the need for international cooperation to combat these threats. As cyber attacks become increasingly sophisticated and widespread, governments and organizations must work together to share intelligence and best practices to protect against these threats.