DDoS Attacks Against Japan

On October 11, 2024, the Ministry of Foreign Affairs of the Russian Federation (MID) published an interview expressing concern over Japan's increasing militarisation.

MID was particularly concerned over its rising defense budget, development of pre-emptive strike capabilities, and involvement in US-led military exercises and joint ballistic missile-defense research and cooperation.

In support of these concerns, two pro-Russian threat actors, NoName057(16) and the Russian Cyber Army Team, launched a series of high-impact DDoS attacks three days later, on October 14-16, 2024.

The slight delay occurred because NoName057(16) had recently been focused on attempting to disrupt the Belgian elections, which took place over the previous weekend; that effort included more than 30 configuration updates sent with almost exclusively Belgian targets, namely government, logistics, and election sites.

This incident underscores the coordination between these two threat actors as we have observed on multiple occasions.

  • Half of the attacks targeted the Logistics & Manufacturing sector, with a particular focus on harbors and shipbuilding; this is consistent with NoName057(16)’s typical approach.
  • The second-largest group of attacks was directed towards government, political, and social organisations, including the political party of Japan’s newly elected prime minister, with the likely intention of generating significant publicity by attacking high-profile targets.

Attack Vectors

NoName057(16) has used every attack capability of the DDoSia botnet, employing a wide range of direct-path attack vectors against multiple targets. Currently, approximately 40 targeted Japanese domains have been identified. On average, each domain is hit by three attack waves using four distinct DDoS attack vectors, spread across approximately 30 different attack configurations, to maximise attack impact.

All identified target domains were subject to at least one type of TCP packet-flooding, with TCP SYN-floods being the most prominent. Additionally, over two-thirds of the websites experienced HTTP-based attacks, further intensifying the attack campaign.

Over the course of the three days, all new C2 server updates were observed to occur between 16:00 and 22:00 Japan time, which corresponds to typical working hours for the Russia-aligned group.
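The two vector families named above, TCP SYN floods and HTTP request floods, leave different footprints in a defender's telemetry. The following is an added example, not code from the article or from NETSCOUT, showing how a simple triage script can separate the two over flow records and web access logs. All sample records are constructed for illustration, and the thresholds (minimum SYN count, SYN-to-ACK ratio, baseline multiplier, minimum distinct sources) are assumptions a deployment would tune to its own traffic.

```python
"""Toy multi-vector DDoS triage over constructed flow and web-log samples.

Two detectors mirror the two vector families described in the article:
  - TCP SYN flood: many SYN-only packets toward one service with few
    ACK-bearing packets (handshakes are never completed).
  - HTTP flood: per-second request rate to a vhost far above its baseline,
    arriving from many distinct client addresses.
Every sample line below is constructed; nothing here is real traffic.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed NetFlow-style records, inbound to the protected servers only:
# timestamp src dst dport tcp_flags packets
FLOW_RECORDS = """\
2024-10-14T07:00:00Z 203.0.113.10 198.51.100.5 443 S 12000
2024-10-14T07:00:05Z 203.0.113.11 198.51.100.5 443 S 9800
2024-10-14T07:00:09Z 203.0.113.12 198.51.100.5 443 S 11500
2024-10-14T07:00:12Z 192.0.2.7 198.51.100.5 443 SA 40
2024-10-14T07:00:15Z 192.0.2.8 198.51.100.5 443 A 55
2024-10-14T07:00:20Z 192.0.2.9 198.51.100.9 443 S 30
2024-10-14T07:00:21Z 192.0.2.9 198.51.100.9 443 A 400
"""

# Constructed web access log: timestamp client vhost method path status
ACCESS_LOG = """\
2024-10-14T07:10:00Z 203.0.113.21 www.example.jp GET /search?q=a 200
2024-10-14T07:10:00Z 203.0.113.22 www.example.jp GET /search?q=b 200
2024-10-14T07:10:00Z 203.0.113.23 www.example.jp GET /search?q=c 503
2024-10-14T07:10:00Z 203.0.113.24 www.example.jp GET /search?q=d 503
2024-10-14T07:10:00Z 203.0.113.21 www.example.jp GET /search?q=e 503
2024-10-14T07:10:00Z 203.0.113.25 www.example.jp GET /search?q=f 503
2024-10-14T07:10:00Z 203.0.113.26 www.example.jp GET /search?q=g 503
2024-10-14T07:10:00Z 203.0.113.22 www.example.jp GET /search?q=h 503
2024-10-14T07:10:00Z 192.0.2.40 intranet.example.jp GET /news 200
2024-10-14T07:10:01Z 192.0.2.41 intranet.example.jp GET /news 200
"""


def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, flags, pkts = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src": src, "dst": dst, "dport": int(dport),
            "flags": flags, "packets": int(pkts),
        })
    return records


def detect_syn_flood(records, window=timedelta(seconds=60),
                     min_syn=10000, ratio=20.0):
    """Return {(dst, dport): summary} for services whose inbound SYN-only
    packets in a window dwarf the ACK-bearing packets (assumed thresholds)."""
    buckets = defaultdict(lambda: {"syn": 0, "ack": 0, "srcs": set()})
    span = int(window.total_seconds())
    for r in records:
        epoch = int(r["ts"].timestamp())
        slot = epoch - epoch % span          # floor to window start
        b = buckets[(r["dst"], r["dport"], slot)]
        if r["flags"] == "S":
            b["syn"] += r["packets"]
            b["srcs"].add(r["src"])
        elif "A" in r["flags"]:
            b["ack"] += r["packets"]
    alerts = {}
    for (dst, dport, slot), b in buckets.items():
        if b["syn"] >= min_syn and b["syn"] / (b["ack"] + 1) >= ratio:
            alerts[(dst, dport)] = {
                "syn": b["syn"], "ack": b["ack"], "sources": len(b["srcs"]),
                "window_start": datetime.fromtimestamp(slot, tz=timezone.utc),
            }
    return alerts


def detect_http_flood(lines, baseline_rps, multiplier=10.0, min_sources=5):
    """Return {vhost: summary} for vhosts whose per-second request count is at
    least multiplier x baseline and comes from min_sources distinct clients
    (one chatty client is a different problem than a distributed flood)."""
    per_sec = defaultdict(lambda: {"n": 0, "srcs": set(), "errors": 0})
    for line in lines.strip().splitlines():
        ts, src, vhost, _method, _path, status = line.split()
        b = per_sec[(vhost, ts)]
        b["n"] += 1
        b["srcs"].add(src)
        if status.startswith("5"):
            b["errors"] += 1                 # origin already struggling
    alerts = {}
    for (vhost, ts), b in per_sec.items():
        base = baseline_rps.get(vhost, 1.0)
        if b["n"] >= multiplier * base and len(b["srcs"]) >= min_sources:
            prev = alerts.get(vhost)
            if prev is None or b["n"] > prev["peak_rps"]:
                alerts[vhost] = {"peak_rps": b["n"], "sources": len(b["srcs"]),
                                 "at": ts, "5xx": b["errors"]}
    return alerts


if __name__ == "__main__":
    print("SYN flood:", detect_syn_flood(parse_flows(FLOW_RECORDS)))
    print("HTTP flood:", detect_http_flood(
        ACCESS_LOG, {"www.example.jp": 0.5, "intranet.example.jp": 0.5}))
```

Keying the SYN detector on the ratio of SYN-only to ACK-bearing packets rather than on raw SYN volume alone keeps a legitimate traffic spike (where handshakes complete) from tripping it, and requiring multiple distinct sources for the HTTP detector separates a distributed flood from a single misbehaving client that rate limiting alone would handle.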

Recent DDoS Attacks in the Larger DDoS Ecosystem

NETSCOUT's Automated Intelligence Feed (AIF) tracks validated DDoS attack sources and is especially effective in empowering organisations to mitigate high-visibility DDoS attacks such as those observed over the course of this campaign. Researchers at NETSCOUT report approximately 2,000 DDoS attacks targeting Japanese networks daily; while the recent attacks are impactful, they do not significantly change the overall threat landscape of the region.

Conclusion

These events show how the Russia-aligned threat actors NoName057(16) and the Russian Cyber Army Team coordinated their efforts in attacking Japanese entities in the logistics & manufacturing sectors and governmental organisations.

While these activities do not dramatically alter the overall threat landscape, DDoS attacks continue to affect organisations globally, so implementing robust detection and mitigation strategies remains crucial for maintaining digital availability.

Netscout | Russian Federation Ministry of Foreign Affairs | Govinfo Security
