DDoS Attacks Against Japan

Uploaded on 2024-10-21 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

On October 11, 2024, the Ministry of Foreign Affairs of the Russian Federation (MID) published an interview expressing concern over Japan's increasing militarisation.

MID was particularly concerned over its rising defense budget, development of pre-emptive strike capabilities, and involvement in US-led military exercises and joint ballistic missile-defense research and cooperation.

In support of these concerns, two pro-Russian threat actors, NoName057(16) and the Russian Cyber Army Team, launched a series of high-impact DDoS attacks three days later, on October 14-16, 2024.

The slight delay occurred because NoName057 had recently been focused on attempting to disrupt the Belgian elections which took place over the previous weekend, this included more than 30 configuration updates sent with near exclusive Belgium targets for government, logistics, and election sites.

This incident underscores the coordination between these two threat actors as we have observed on multiple occasions.

  • Half of the attacks targeted the Logistics & Manufacturing sector, with a particular focus on harbors and shipbuilding; this is consistent with NoName057(16)’s typical approach.
  • The second-largest target group of attacks were directed towards government, political, and social organisations, including the political party of Japan’s newly elected prime minister, with the likely intention of generating significant publicity by attacking high-profile targets.

Attack Vectors

NoName057(16) has used every attack capability of the DDoSia botnet, employing a wide range of direct-path attack vectors against multiple targets. Currently approximately 40 targeted Japanese domains have been identified. On average, each domain is hit by three attack waves, utilizing four distinct DDoS attack vectors, utilising approximately 30 different attack configurations to maximise attack impact.

All identified target domains were subject to at least one type of TCP packet-flooding, with TCP SYN-floods being the most prominent. Additionally, over two-thirds of the websites experienced HTTP-based attacks, further intensifying the attack campaign.

Over the course of three days, it was observed that all new C2 server updates occurring between 16:00 to 22:00 in Japan, which corresponds to typical working hours for the Russian-aligned group.

Recent DDoS Attacks in the Larger DDoS Ecosystem

NETSCOUT's Automated Intelligene Feed ( AIF) tracks validated DDoS attack sources and is especially effective in empowering organisations to effectively mitigate high-visibility DDoS attacks such as those observed over the course of this attack campaign. Researcers at NETSCOUT report approximately 2,000 DDoS attacks targeting Japanese networks daily and while the recent attacks are impactful, they do not significantly impact the overall threat landscape of the region.

Conclusion

These events shpw how  the Russia-aligned threat actors NoName057(16) and the Russian Cyber Army Team coordinated their efforts in attacking Japanese entities in the logistics & manufacturing sectors, and governmental organisations.

While these  activities do not dramatically alter the overall threat landscape, as DDoS attacks continue to affect organisations globally, implementing robust detection and mitigation strategies remains crucial for maintaining digital availability.

Netscout   |   Russuan Federation Ministry of Foreign Affairs     |     Govinfo Security

You Might Also Read: 

Japan Will Use AI To Secure Critical Infrastructure:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Instagram Aims To Prevent Sextortion
The UK Needs To Reevaluate Its Cybersecurity Strategy »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

Open Networking Foundation (ONF)

Open Networking Foundation (ONF)

The Open Networking Foundation (ONF) is a non-profit operator led consortium driving transformation of network infrastructure and carrier business models.

HPE Aruba Networking

HPE Aruba Networking

HPE Aruba Networking, a Hewlett Packard Enterprise company, is a leading provider of next-generation network access solutions for the mobile enterprise.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

Security BSides

Security BSides

Security BSides is the first grass roots, DIY, open security conference in the world!. BSides is a community-driven framework for building events for and by information security community members.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Hexaware Technologies

Hexaware Technologies

Hexaware is an automation-led next-generation service provider delivering excellence in IT, BPO and Consulting services.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Team Secure

Team Secure

Team Secure provide Enterprise-grade Cyber Security consultancy, managed security services and cyber security staffing services.

SensCy

SensCy

SensCy is a Trusted Guide for Sensible Cybersecurity for small and medium-sized organizations.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

DataStealth

DataStealth

DataStealth is a data protection platform that allows organizations to discover, classify, and protect their most sensitive data and documents.

Contextal

Contextal

Contextal develops cutting-edge open-source cybersecurity solutions, designed to connect the dots and detect complex threats, which slip through the existing protections.