Russia-Linked Hackers Attack Japan's Govt, Ports
Summary:
Two pro-Russian hacktivist groups, NoName057(16) and the Russian Cyber Army Team, launched coordinated DDoS attacks against Japanese logistics and shipbuilding companies and government agencies starting on October 14, 2024. These cyberattacks are seen as an attempt to pressure Japan following its decision to increase defense spending and conduct joint military exercises with regional allies, including the U.S. This escalation in Japan's defense efforts, particularly in the context of geopolitical tensions with Russia and China, is believed to be the trigger for these attacks. Netscout, a network monitoring firm, revealed that more than half of the DDoS attacks targeted Japan's logistics, shipbuilding, and manufacturing sectors, while approximately one-third of the attacks hit government agencies and political organizations. The hacking groups, particularly NoName057(16), have previously been active in targeting entities in Ukraine and Europe in response to Russia's invasion of Ukraine. This is the latest instance of cyber threats aligning with Russia's geopolitical objectives.
The Russian Ministry of Foreign Affairs had expressed concerns over Japan's military buildup prior to these attacks, says Richard Hummel, director of threat intelligence for Netscout. He notes that Japan’s recent election, which resulted in a leader openly critical of Russia and supportive of Ukraine, may have further provoked these groups. Hummel also highlighted Japan's participation in military exercises and ballistic missile testing with the U.S., a factor likely contributing to these cyberattacks.
Security Officer Comments:
Japan is undergoing its largest military expansion since World War II, highlighted by a five-year, $320 billion defense plan announced in December 2022. This includes the development of long-range missiles capable of hitting targets in China, North Korea, and Russia. In 2024, Japan's military budget increased by 16%, a significant shift from its post-war self-defense-only policy. These developments seem to have drawn the ire of pro-Russian cyber groups. As of October 17, Japan's Deputy Chief Cabinet Secretary, Kazuhiko Aoki, stated that the government is investigating these cyberattacks. Netscout’s analysis of the attacks revealed that approximately 40 Japanese domains had been hit, with each domain experiencing multiple attack waves across different vectors. The DDoSia botnet, used by the attackers, employed around 30 distinct attack configurations aimed at maximizing the impact.
Suggested Corrections:
DDoS attacks are hard to defend against because, at the packet level, malicious traffic is often indistinguishable from legitimate traffic. They typically work in one of two ways: volumetric attacks saturate network bandwidth, while application-layer attacks (such as the HTTP floods generated by DDoSia) exhaust server resources with requests that each look valid on their own.
There are several methods to counter DDoS attacks:
Sinkholing (blackholing): Traffic destined for the attacked address is routed to a null destination, typically by announcing a remotely triggered black hole (RTBH) to the upstream provider. This protects the rest of the network, but it also discards legitimate traffic, so the targeted service is effectively taken offline and the attacker's goal is achieved for that host.
Routers and Firewalls: Access lists on edge routers can drop nonessential protocols, bogon and otherwise invalid source addresses, and known attack sources. They lose effectiveness when a botnet spoofs source addresses, and stateful firewalls can themselves be exhausted by connection floods. Because DDoSia runs on real participant hosts rather than using spoofed sources, per-source rate limits and blocklists do help against it, though the set of participating hosts changes over time.
Intrusion-Detection and Prevention Systems (IDS/IPS): These use signature and anomaly-based detection (some products add machine learning) to identify flood patterns and automatically push block rules to a firewall. They need tuning to avoid false positives, and an inline sensor can itself be overwhelmed by a large flood.
DDoS Mitigation Appliances: Various vendors offer devices that scrub traffic using techniques such as rate limiting, connection validation, load balancing, and firewall blocking. Their effectiveness varies; they may block some legitimate traffic and let some malicious traffic through, and an on-premises appliance cannot help once the upstream link itself is saturated.
Over-provisioning: Some organizations buy extra bandwidth to absorb traffic spikes during an attack. Often this capacity is provided by a cloud scrubbing or CDN service that can scale up on demand and filter traffic before it reaches the origin. As attack sizes grow, absorbing them with raw bandwidth alone becomes less cost-effective, which is why upstream scrubbing is usually combined with the filtering controls above.
These methods represent different strategies organizations employ to defend against DDoS attacks, each with advantages and limitations; in practice they are layered, with upstream scrubbing handling volume and on-site filtering handling application-layer floods.
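The intrusion-detection and router/firewall items above describe recognizing a flood pattern and turning it into a firewall block. The Python script below is an added example written for this page (it is not from Netscout, Dark Reading, or any product) showing the simplest form of that logic: a per-source sliding-window request counter over web-server access logs, an allowlist so that legitimate high-rate sources such as monitoring probes are not blocked, and rendering of iptables DROP rules for the flagged sources. The log lines, the addresses (RFC 5737 documentation ranges), the window and threshold values, and the iptables chain name are all constructed assumptions. This approach applies to application-layer floods arriving from real client addresses, which is how DDoSia-style HTTP floods are delivered; it does nothing against volumetric floods with spoofed sources, where only upstream filtering helps.

```python
"""Sliding-window HTTP flood detector over web-server access logs.

Added example for this page. All log lines, addresses and thresholds below are
constructed for illustration and come from no real incident.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format, e.g.
# 203.0.113.7 - - [14/Oct/2024:09:00:00 +0900] "GET /x HTTP/1.1" 200 512 "-" "UA"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"), "ua": m.group("ua")}


def detect_flooders(lines, window_seconds=10, threshold=20, allowlist=frozenset()):
    """Return {ip: peak_requests_in_window} for sources that exceed the threshold.

    Lines for a given source must be in time order (true of a normal access log);
    ordering between different sources does not matter because each source has
    its own window.
    """
    windows = defaultdict(deque)  # ip -> timestamps inside the current window
    peaks = {}
    for rec in filter(None, map(parse_line, lines)):
        ip = rec["ip"]
        if ip in allowlist:  # known-good high-rate sources: monitoring, health checks
            continue
        q = windows[ip]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()  # evict timestamps that fell out of the window
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def block_rules(peaks, chain="INPUT"):
    """Render one iptables DROP rule per flagged source (chain name is an assumption)."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in sorted(peaks)]


def build_sample_log():
    """Constructed sample: one flooding bot, one normal client, one noisy health probe."""
    base = datetime(2024, 10, 14, 9, 0, 0, tzinfo=timezone(timedelta(hours=9)))

    def line(ip, offset, path, ua):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

    lines = []
    # Bot: 60 requests in 10 s, each with a different query string to defeat caching
    lines += [line("203.0.113.7", i // 6, f"/api/search?q={i}", "Mozilla/5.0") for i in range(60)]
    # Normal visitor: three page loads over ten seconds
    lines += [line("198.51.100.5", i * 3, "/", "Mozilla/5.0") for i in range(3)]
    # Health checker: 40 requests in 10 s, legitimate and expected
    lines += [line("192.0.2.9", i // 4, "/healthz", "probe/1.0") for i in range(40)]
    return lines


if __name__ == "__main__":
    flagged = detect_flooders(build_sample_log(), allowlist=frozenset({"192.0.2.9"}))
    for ip, peak in flagged.items():
        print(f"{ip}: {peak} requests in window")
    print("\n".join(block_rules(flagged)))
```

Run against the constructed sample, only the bot at 203.0.113.7 is flagged; the health checker, which makes twice the threshold, is skipped because it is allowlisted. Without the allowlist it would be blocked too, which is the false-positive problem the IDS item warns about: the threshold alone cannot tell a probe from a bot, so the list of expected high-rate sources has to be maintained alongside the detector. In production the same counter would run on a streaming tail of the log and feed an ipset rather than individual iptables rules, and the window and threshold would be set from the site's normal per-client rate rather than the values assumed here.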
Link(s):
https://www.darkreading.com/cyberattacks-data-breaches/russia-linked-hackers-attack-japan-govt-ports