The Japanese Space Exploration Agency (JAXA) discovered it was being attacked via zero-day exploits after initiating a joint investigation with Microsoft into a 2023 cyberattack on its systems. JAXA’s systems were attacked late last year, and the Active Directory implementation suffered damage.
The Japanese agency immediately isolated the infected system and shut down other networks to ensure no confidential data on rockets, satellites, or national security had been compromised.
The incident started with unauthorised access to Microsoft 365, and JAXA requested assistance from Microsoft in the investigation. After granting the request, Microsoft conducted a clear-up investigation, which eventually resulted in the discovery of the intrusion.
However, the space organisation’s initial announcement indicated that a non-Microsoft entity identified and removed spyware. The final part of the announcement nevertheless covered zero-day attacks and discussed the countermeasures that the agency implemented.
According to the statement, the agency has identified and responded to many unauthorised accesses to its network since January of this year, but it has yet to find evidence of compromised information.
JAXA and Microsoft’s joint investigation concluded that the 2023 breach did not expose any data to the attackers.
According to investigations, the 2023 breach of JAXA did not provide the attackers with any stored data, such as the alleged MS365 accounts that could have potentially included personal information.
The organisation explained that the compromised systems did not store sensitive information about launch vehicles and satellite operations. The space agency also rejected any possible impact of the attack on domestic and international cooperation.
The researchers noted that the attackers utilised various malware strains, which made them harder to identify. However, the researchers believe that the initial access to JAXA’s internal servers and machines was most likely acquired by exploiting a VPN vulnerability.
Subsequently, the attackers allegedly used the unauthorised access to obtain the space agency’s user account information, which they then used to access the MS365 services.
The newly discovered hacks are the latest in an increasing number of cyberattack attempts against JAXA. The 2023 zero-day attack has not been publicly linked to any malicious organisation, but researchers have stated that Chinese-backed threat groups are the perpetrators of these campaigns.
