Japanese space agency spotted zero-day attacks while cleaning up raid on M365
Multiple malware assault saw personal data accessed, rocket science remained safe
The Japanese Space Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems.
JAXA’s systems came under attack in late 2023, with its Active Directory implementation taking the brunt of it.
An investigation ensued, and saw networks taken offline to verify that no classified data on rockets, satellites, or national security was compromised.
Unauthorized access to Microsoft 365 (M365) was found to be the start of the incident. JAXA asked Microsoft to help with the probe and together found no further breaches, the agency revealed.
But the space org’s statement also revealed the discovery of malware found and removed by an actor other than Microsoft. And then there’s the mention of zero-day attacks in the last sentence of a section about countermeasures the agency adopted, like closer network monitoring and improved remote access security.
“In the course of taking the above measures and strengthening monitoring, we have detected and responded to multiple unauthorized accesses to JAXA's network since January of this year (including zero-day attacks), though no information was compromised,” the statement reads.
The 2023 breach did provide the attackers with some information hosted in JAXA's MS365 service, including personal information.
Luckily, the compromised systems are believed to not include sensitive information related to launch vehicles and satellite operations. The space agency also dismissed potential impact on cooperation with domestic and international partners from the attack.
Because the attacker used multiple unknown strains of malware, it was difficult to detect the unauthorized access, explained JAXA. Initial entry to JAXA's internal servers and computers was likely gained by exploiting a VPN vulnerability. The attacker then expanded its unauthorized access and compromised the space agency’s user account information. That account information in turn was used to access the MS365 services.
The newly found cyberattacks add to a growing list for JAXA. The agency was breached in both 2016 and 2012. The 2016 attack led to the arrest of a Chinese national affiliated with the Chinese Communist Party (CCP) and living in Japan.
The 2023 attack has not publicly been attributed to a person or organization. Considering the 2016 attack took five years before legal action was taken, that may still be a while coming. ®