
Hitachi Systems SHIELD Security Research Center

Last Update: Sep 18, 2013
Initial Disclosure Date: Sep 17, 2013

September 18th is the anniversary of the Liutiaohu Incident of 1931, which the Imperial Japanese Army engineered by blasting the South Manchuria Railway and then used as a pretext to invade Manchuria. PRC citizens often associate the incident with national humiliation, and over the last few years PRC hacktivists have launched DDoS attacks or website defacements against Japanese organizations every September 18. The 2012 campaign was especially large because PRC citizens reacted strongly to the Japanese government's purchase and nationalization of three of the Senkaku Islands on September 11, 2012. PRC hacktivists waged DDoS attacks and website defacements against Japanese companies, ministries, and universities.

The website of the Honker Union, a major PRC hacktivist group, carries postings that urge cyber-attacks on September 18 and list about 270 Japanese entities, including the official residence of the Prime Minister, the Ministry of Foreign Affairs, local governments, and media. (footnote:1) According to the National Police Agency on September 11, 2013, the number of accesses to port 53/UDP from China increased between September 10th and 11th, and the NPA believes that this is probably preparation for DNS reflection attacks. (footnote:2)
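The signal the NPA describes, a rise in inbound 53/UDP traffic, can also be looked for in an organization's own perimeter logs. The following is an added example, not part of the original advisory or of any NPA tooling; the log layout, thresholds and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed firewall log lines (iptables-like layout, an assumption);
# all addresses come from documentation ranges.
SAMPLE_LOG = """\
2013-09-09T02:10:11 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=40112 DPT=53
2013-09-09T08:45:02 SRC=203.0.113.20 DST=192.0.2.25 PROTO=TCP SPT=51000 DPT=80
2013-09-10T01:00:01 SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP SPT=33001 DPT=53
2013-09-10T01:00:01 SRC=203.0.113.5 DST=192.0.2.11 PROTO=UDP SPT=33002 DPT=53
2013-09-10T01:00:02 SRC=203.0.113.5 DST=192.0.2.12 PROTO=UDP SPT=33003 DPT=53
2013-09-10T09:30:00 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=40113 DPT=53
2013-09-11T04:00:00 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=50001 DPT=53
2013-09-11T04:00:00 SRC=203.0.113.9 DST=192.0.2.11 PROTO=UDP SPT=50002 DPT=53
2013-09-11T04:00:01 SRC=203.0.113.9 DST=192.0.2.12 PROTO=UDP SPT=50003 DPT=53
2013-09-11T04:00:01 SRC=203.0.113.9 DST=192.0.2.13 PROTO=UDP SPT=50004 DPT=53
malformed line that the parser must skip
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ SRC=(\S+) DST=(\S+) PROTO=(\S+) SPT=\d+ DPT=(\d+)$")

def summarize(log_text, sweep_threshold=3):
    """Per day: count of inbound 53/UDP packets and sources that swept many hosts."""
    targets = defaultdict(lambda: defaultdict(set))   # day -> src -> {dst}
    probes = defaultdict(int)                         # day -> packet count
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                                  # skip unparseable lines
        day, src, dst, proto, dport = m.groups()
        if proto != "UDP" or dport != "53":
            continue                                  # only DNS over UDP is of interest
        probes[day] += 1
        targets[day][src].add(dst)
    return {
        day: {
            "probes": probes[day],
            "sweepers": sorted(s for s, d in targets[day].items() if len(d) >= sweep_threshold),
        }
        for day in sorted(probes)
    }

def rising_days(summary, factor=2.0):
    """Days whose 53/UDP volume is at least `factor` times the previous logged day."""
    days = sorted(summary)
    return [d for prev, d in zip(days, days[1:])
            if summary[d]["probes"] >= factor * summary[prev]["probes"]]
```

A source that touches many distinct destinations on 53/UDP in one day is more likely sweeping for recursive resolvers than resolving names, so hosts it reached are worth checking for recursion being open to external clients.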

Website defacements have already started. A list of defaced websites is below. DDoS attacks have not been seen as of 1800 JST, September 18th. The IBM Tokyo SOC has seen a small number of IP addresses from the PRC used for blind SQL injections. (footnote:3) This year’s 918 cyber-attack campaign is much quieter than usual.

Sources:

  1. NHK News, “Seihu saiba kogeki yokoku de keikai [The Japanese government raised alert, facing calls for cyber-attacks],” September 12, 2013,
    http://www3.nhk.or.jp/news/html/20130912/k10014473761000.html
  2. National Police Agency, “Topic: Chugoku wo hasshin-moto to suru saiki toiawase kano na DNS saba no tansaku koi no zoka ni tsuite [Topic: Increasing number of recursive DNS servers from China],” September 11, 2013,
    http://www.npa.go.jp/cyberpolice/detect/pdf/20130911.pdf
  3. IBM Tokyo SOC, “Tokyo SOC Report: Ryujoko Jiken ga okotta 9 gatsu 18 nichi ni muketa kogeki no jokyo (9 gatsu 18 nichi 12:00 jiten) [Tokyo SOC Report: Update on cyber-attacks As of 12:00 on September 18, which is the anniversary of the Liutiaohu Incident],” September 18, 2013,
    https://www-304.ibm.com/connections/blogs/tokyo-soc/?lang=ja

