- Russia warns Japan about its military stance towards the US
- Pro-Russian groups subject Japan to a wave of DDoS attacks
- Attacks target critical infrastructure and government agencies
Pro-Russian threat actors have launched a series of coordinated DDoS attacks against Japanese organizations, following Japan’s recent moves to strengthen its military alliance with the United States.
Distributed Denial of Service (DDoS) attacks, which flood networks with traffic and disrupt business operations, have become a popular method for cybercriminals and hacktivist groups.
The attacks, which began in mid-October 2024, targeted key sectors of the Japanese economy and government, including logistics and manufacturing, as well as political entities.
Tensions between Japan and Russia escalate
The cyber attacks followed recent statements from the Russian Ministry of Foreign Affairs (MID) about Japan’s increasing militarization. Russia pointed to Japan’s increased defense budget and its involvement in joint military exercises with the United States as causes for concern.
Furthermore, Japan’s development of pre-emptive strike capabilities and participation in ballistic missile defense research have contributed to rising tensions between the two nations.
On October 11, 2024, three days before the attacks, Russia reiterated its concerns. In response, two pro-Russian hacktivist groups, NoName057 and the Russian Cyber Army Team, launched a coordinated DDoS campaign aimed at disrupting Japanese organizations and infrastructure.
The cyber attack mainly targeted Japan’s logistics and manufacturing sectors, with a particular emphasis on ports and shipbuilding. This focus on infrastructure is consistent with previous campaigns by NoName057, a group known for targeting critical sectors in geopolitical conflict zones.
In addition to industrial targets, the hacktivists also attacked Japanese government and political organizations. In particular, the political party of Japan’s newly elected Prime Minister was among the high-profile targets, possibly as an attempt by the attackers to draw attention to their actions.
According to NETSCOUT, the attacks utilized multiple direct DDoS attack vectors, many of which originated from known nuisance networks, cloud hosting provider infrastructure, and virtual private networks (VPNs). The attackers also leveraged the DDoSia botnet to amplify their attacks, using different configurations to maximize the impact.
While these attacks were disruptive, NETSCOUT notes that they did not significantly change the overall threat landscape in Japan.