Japan's Space Program at Risk After Microsoft Active Directory Breach

The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach.
December 1, 2023
Japan's Space Exploration Agency (JAXA) reported this week that it experienced a cyber incident this past summer stemming from a breach of Microsoft Active Directory (AD) — raising concerns that nation-state actors might be after the country's space program data.
Chief cabinet secretary Hirokazu Matsuno raised the topic of the incident in a morning briefing on Nov. 29, mentioning that the agency investigated and preliminarily found that illegal access had indeed taken place. The agency was allegedly unaware of the attack until it was contacted by the authorities.
As mentioned, the breach was located in the organization's AD environment, the central server that manages access control for JAXA's network, including admin passwords for corporate applications. According to The Japan News, an official related to JAXA reportedly stated that "as long as the AD server was hacked, it was very likely that most of the information was visible. This is a very serious situation," though there is much that has not yet been confirmed.
This is not the first time that this Microsoft component has led to a compromise of information. Just earlier this year, US Sen. Ron Wyden (D-Ore.) wrote to the heads of CISA, the Justice Department, and the FTC asking them to hold Microsoft responsible after a Microsoft 365 breach due to three vulnerabilities in its Exchange Online email service and the Azure Active Directory. And just prior to that, it was discovered that a stolen Microsoft account key could allow threat actors to create access tokens for a variety of different types of Azure Active Directory applications.
The breach raises concerns that Japan's space program has been exposed, according to Ted Miracco, CEO of mobile security company Approov, who noted that JAXA has been a target before; in 2016 and 2017, JAXA was among 200 Japanese companies and research institutes allegedly targeted by Chinese military hackers.
"The cyberattack on Japan's aerospace exploration agency bears all the characteristics reminiscent of past incidents, raising questions about the involvement of state-sponsored actors," Miracco said via email. "In the historical context, previous attacks were linked to Chinese military hackers, and the reported exploitation of a vulnerability disclosed by a network equipment manufacturer in June adds a layer of sophistication to the attack, indicating a state-sponsored attack."
He added, "The motivation behind the cyber intrusion, given the nature of JAXA's operations in satellite development and advanced missions, points towards an interest in strategic intelligence and technological advancements. Understanding the identity, methods, and motivations of the perpetrators becomes crucial in fortifying cybersecurity measures to mitigate future risks, as these attacks are unlikely to stop anytime soon."
Meanwhile, JAXA has shut down part of its network and launched a full investigation to determine the scope of the breach and its impact. The agency is working with the central government, as well as police, on the matter.
Kristina Beek, Associate Editor, Dark Reading
