Hitachi Systems SHIELD Security Research Center

Initial Disclosure Date: Mar 29, 2013

On February 28, the National Police Agency released a report on cyber-attacks against Japan for FY2012 between April 2012 and February 2013.

Here is the gist:
1) Phishing/APT-associated emails
- As far as the NPA knows, Japanese companies received 1,009 phishing/APT-associated emails.

- About 26 percent of those C&C servers are located in the United States, about 21 percent in China, about 20 percent in Japan, about 5 percent in Hong Kong and Thailand, and about 2 percent in France.

- Some of those phishing/APT-associated emails used subject lines related to the change of administration from the DPJ to the LDP and to Senkaku.

- An emerging trend is the Yaritori-gata cyber-attack. "Yaritori" means communications and "gata" means type in Japanese. The culprits do not send an email with malware from the beginning. They exchange emails with their target a number of times, posing as "a whistle blower" or "an applicant who is interested in that job," to gain trust. In the end, the culprits send a malware-embedded document to the victims as a "CV" or "charge paper." Some attachments had their file type disguised with RLO (the Unicode right-to-left override character). Since some attachments were compressed with a password, victims were not able to detect the malware or computer virus.
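
A gateway-side check for the two disguises described above, as an added example that is not part of the NPA report or the original page. The function names, the `RISKY_EXTENSIONS` policy list and the sample filenames are assumptions constructed for illustration.

```python
import io
import zipfile

# Unicode bidirectional controls that change the displayed order of a filename.
BIDI_CONTROLS = {"\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
                 "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
                 "\u2069": "PDI"}
# Hypothetical policy list for this example; tune it to your own mail gateway.
RISKY_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}

def check_name(name):
    """Return findings for one filename, judged in stored (logical) character order."""
    findings = []
    controls = sorted({BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS})
    if controls:
        findings.append("bidi-control:" + ",".join(controls))
    # The OS acts on the text after the last dot as stored, not as displayed.
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in RISKY_EXTENSIONS:
        findings.append("risky-extension:" + ext)
    return findings

def check_attachment(name, data=b""):
    """Check the attachment name and, for ZIP data, each member name and encryption flag."""
    findings = check_name(name)
    if data and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                # Bit 0 of the general purpose flag marks a password-protected member,
                # whose content a gateway scanner cannot inspect without the password.
                if member.flag_bits & 0x1:
                    # ascii() escapes control characters so the log line cannot be reordered.
                    findings.append("encrypted-member:" + ascii(member.filename))
                findings += ["member-" + f for f in check_name(member.filename)]
    return findings

if __name__ == "__main__":
    # Constructed samples: the first displays as "CV_Tanaka_exe.doc" in bidi-aware viewers.
    for sample in ["CV_Tanaka_\u202ecod.exe", "CV_Tanaka.doc"]:
        print(ascii(sample), check_attachment(sample))
```

Member names in a ZIP central directory are stored unencrypted even when the content is password-protected, so the name checks still apply to such archives.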


2) Website defacement
- Anonymous-associated incidents: All of the IP addresses are non-Japanese. About 52 percent are European, and about 22 percent are from Australia and the US.

- Senkaku-related incidents: All of the IP addresses are non-Japanese. About 94 percent are Chinese.


3) Massive data sent to the website forms used to ask questions of local governments or critical infrastructure companies
- Between June and July 2012, massive data such as meaningless spaces and numbers was sent to the website forms that let citizens ask questions or send opinions to local governments or critical infrastructure companies (eight local governments, two gas suppliers, two train companies, and one airport).

- All of the IP addresses are non-Japanese. About half of them are South Korean, and 42 percent are Chinese.

- January 2013 also saw three similar incidents. Massive data was sent to the website forms of three local governments, although the NPA does not know if they are related to the 2012 incidents.

Sources:


