In late 2023, the Japanese Aerospace Research Agency (JAXA) fell victim to a large-scale cyber attack that exploited a zero-day vulnerability and targeted the Active Directory system. The incident began with unauthorized access to Microsoft 365, allowing the attackers to obtain some information stored on the service. JAXA, in collaboration with Microsoft, confirmed that no further security breaches occurred. Additionally, harmful software was discovered in JAXA’s networks and promptly removed by a third party.
Although the cybercriminals managed to access some data in Microsoft 365, including personal information, JAXA clarified that the compromised systems did not contain any sensitive data related to launch and space operations. Following the breach, JAXA ramped up monitoring and security measures, successfully thwarting numerous attempts to gain unauthorized access to their network, including through zero-day vulnerabilities, since January 2024. Fortunately, no information theft occurred as a result of these hacking attempts.
JAXA stated that, because unknown strains of malware were used, detecting and preventing the attack was challenging. It is believed that the hackers initially exploited a vulnerability in the VPN to reach the agency’s internal servers and computers, eventually gaining access to user account data through Microsoft 365.
Despite the cyber attack, JAXA assured that its cooperation with both domestic and international partners remained unaffected. The agency emphasized that the incident has not been linked to any specific individual or group. This is not the first time JAXA has faced cyber threats: in 2016, Chinese hackers conducted a series of cyber attacks targeting Japanese organizations, including JAXA.