Introduction
In mid-October 2024, Japan faced a series of high-impact Distributed Denial of Service (DDoS) attacks orchestrated by the pro-Russian threat actor group NoName057(16) and the Russian Cyber Army Team. These cyberattacks targeted critical sectors in Japan, coincided with the start of the country’s general election campaign, and were linked to geopolitical tensions involving Japan’s military collaborations.
Description
On October 14-16, 2024 [1], the pro-Russian threat actor group NoName057(16) and the Russian Cyber Army Team executed a series of high-impact DDoS attacks targeting Japan’s logistics [1], shipbuilding [3] [4] [6], and government sectors [3]. These attacks coincided with the start of Japan’s general election campaign and were motivated by Japan’s planned joint military exercises with the US, specifically Operation Keen Sword 25 [4], scheduled for October 23 to November 1 [4]. The Russian Ministry of Foreign Affairs had publicly protested Japan’s military operations, expressing concerns about Japan’s increased defense budget and military collaboration with regional allies, which further fueled tensions.
Over half of the attacks focused on logistics and manufacturing firms [3], while nearly a third targeted government agencies and political organizations [3], including the ruling Liberal Democratic Party (LDP) [6], which faced significant disruptions to its website during this critical period. The attackers aimed to generate substantial publicity through these high-profile targets, framing their actions as retaliation for perceived “Russophobic” measures taken by Japan.
NoName057(16) utilized the DDoSia botnet [1] [3], employing a variety of attack vectors against approximately 19 identified Japanese domains [1], resulting in around 60 attacks. Each domain experienced multiple attack waves, utilizing four distinct DDoS attack vectors and around 30 different configurations [1]. TCP packet-flooding was prevalent [1], with TCP SYN-floods being the most common [1], while over two-thirds of the targeted websites also faced HTTP-based attacks [1]. The attacks were coordinated with updates to command-and-control servers occurring during typical working hours in Japan [1]. In a Telegram post [3], NoName057(16) confirmed their involvement [2] [3], warning of serious consequences for any further measures taken against Russia [5].
Cybersecurity firm Netscout reported that the attacks originated from known nuisance networks, as well as cloud provider and VPN networks, highlighting the sophisticated nature of the campaign. Notable incidents included the Yamanashi prefectural government’s website [4], which experienced 6.2 million visits from 69 countries [4], leading to a five-hour outage [4]. This series of attacks follows a similar incident in June, which targeted various government and industry websites after Japan supported a G7 proposal related to Ukraine.
Despite the impact of these attacks [1], they do not significantly alter the overall threat landscape in the region [1], where approximately 2,000 DDoS attacks targeting Japanese networks are reported daily [1]. The coordinated efforts of NoName057(16) and the Russian Cyber Army Team underscore the ongoing challenges organizations face in maintaining digital availability amidst a global rise in DDoS attacks [1]. In response to these threats [5], Japan’s government has initiated security measures and an investigation [2], with Deputy Chief Cabinet Secretary Kazuhiko Aoki emphasizing the government’s commitment to safeguarding the integrity of its democratic processes and ensuring that any threats to the electoral process will not be tolerated.
Conclusion
The DDoS attacks on Japan highlight the persistent threat posed by cyber actors amid geopolitical tensions. While these attacks did not drastically change the threat landscape, they underscore the need for robust cybersecurity measures. Japan’s proactive response, including security enhancements and investigations, reflects its commitment to protecting its democratic processes. As cyber threats continue to evolve, nations must remain vigilant and adaptive to safeguard critical infrastructure and maintain digital resilience.
References
[1] https://www.cybersecurityintelligence.com/blog/ddos-attacks-against-japan-8000.html
[2] https://www.cyberdaily.au/security/11261-japans-ruling-partys-website-taken-down-by-pro-russian-hacktivists
[3] https://www.darkreading.com/cyberattacks-data-breaches/russia-linked-hackers-attack-japan-govt-ports
[4] https://www.hendryadrian.com/military-exercises-trigger-russian-ddos-attacks-on-japan/
[5] https://cybermaterial.com/japans-ldp-website-hit-by-russian-hackers/
[6] https://www.govinfosecurity.com/military-exercises-trigger-russian-ddos-attacks-on-japan-a-26561




