DDoS Attacks Against Japan

On October 11, 2024, the Ministry of Foreign Affairs of the Russian Federation (MID) published an interview expressing concern over Japan's increasing militarisation.

MID was particularly concerned over Japan's rising defense budget, its development of pre-emptive strike capabilities, and its involvement in US-led military exercises and joint ballistic missile-defense research and cooperation.

In support of these concerns, two pro-Russian threat actors, NoName057(16) and the Russian Cyber Army Team, launched a series of high-impact DDoS attacks three days later, on October 14-16, 2024.

The slight delay occurred because NoName057 had recently been focused on attempting to disrupt the Belgian elections, which took place over the previous weekend. That effort included more than 30 configuration updates with targets almost exclusively in Belgium, covering government, logistics, and election sites.

This incident underscores the coordination between these two threat actors, which we have observed on multiple occasions.

  • Half of the attacks targeted the Logistics & Manufacturing sector, with a particular focus on harbors and shipbuilding; this is consistent with NoName057(16)’s typical approach.
  • The second-largest group of attacks was directed at government, political, and social organisations, including the political party of Japan’s newly elected prime minister, with the likely intention of generating significant publicity by attacking high-profile targets.

Attack Vectors

NoName057(16) has used every attack capability of the DDoSia botnet, employing a wide range of direct-path attack vectors against multiple targets. Approximately 40 targeted Japanese domains have been identified so far. On average, each domain is hit by three attack waves using four distinct DDoS attack vectors and approximately 30 different attack configurations to maximise attack impact.

All identified target domains were subject to at least one type of TCP packet-flooding, with TCP SYN-floods being the most prominent. Additionally, over two-thirds of the websites experienced HTTP-based attacks, further intensifying the attack campaign.

Over the course of the three days, all new C2 server updates were observed between 16:00 and 22:00 Japan time, which corresponds to typical working hours for the Russian-aligned group.

Recent DDoS Attacks in the Larger DDoS Ecosystem

NETSCOUT's Automated Intelligence Feed (AIF) tracks validated DDoS attack sources and is especially effective in helping organisations mitigate high-visibility DDoS attacks such as those observed during this campaign. Researchers at NETSCOUT report approximately 2,000 DDoS attacks targeting Japanese networks daily; while the recent attacks are impactful, they do not significantly change the overall threat landscape of the region.

Conclusion

These events show how the Russia-aligned threat actors NoName057(16) and the Russian Cyber Army Team coordinated their efforts in attacking Japanese entities in the logistics & manufacturing sector and governmental organisations.

While these activities do not dramatically alter the overall threat landscape, as DDoS attacks continue to affect organisations globally, implementing robust detection and mitigation strategies remains crucial for maintaining digital availability.

Netscout | Russian Federation Ministry of Foreign Affairs | Govinfo Security
