DDoS Attacks Against Japan

Uploaded on 2024-10-21 in INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

On October 11, 2024, the Ministry of Foreign Affairs of the Russian Federation (MID) published an interview expressing concern over Japan's increasing militarisation.

MID was particularly concerned over its rising defense budget, development of pre-emptive strike capabilities, and involvement in US-led military exercises and joint ballistic missile-defense research and cooperation.

In support of these concerns, two pro-Russian threat actors, NoName057(16) and the Russian Cyber Army Team, launched a series of high-impact DDoS attacks three days later, on October 14-16, 2024.

The slight delay occurred because NoName057 had recently been focused on attempting to disrupt the Belgian elections which took place over the previous weekend, this included more than 30 configuration updates sent with near exclusive Belgium targets for government, logistics, and election sites.

This incident underscores the coordination between these two threat actors as we have observed on multiple occasions.

  • Half of the attacks targeted the Logistics & Manufacturing sector, with a particular focus on harbors and shipbuilding; this is consistent with NoName057(16)’s typical approach.
  • The second-largest target group of attacks were directed towards government, political, and social organisations, including the political party of Japan’s newly elected prime minister, with the likely intention of generating significant publicity by attacking high-profile targets.

Attack Vectors

NoName057(16) has used every attack capability of the DDoSia botnet, employing a wide range of direct-path attack vectors against multiple targets. Currently approximately 40 targeted Japanese domains have been identified. On average, each domain is hit by three attack waves, utilizing four distinct DDoS attack vectors, utilising approximately 30 different attack configurations to maximise attack impact.

All identified target domains were subject to at least one type of TCP packet-flooding, with TCP SYN-floods being the most prominent. Additionally, over two-thirds of the websites experienced HTTP-based attacks, further intensifying the attack campaign.

Over the course of three days, it was observed that all new C2 server updates occurring between 16:00 to 22:00 in Japan, which corresponds to typical working hours for the Russian-aligned group.

Recent DDoS Attacks in the Larger DDoS Ecosystem

NETSCOUT's Automated Intelligene Feed ( AIF) tracks validated DDoS attack sources and is especially effective in empowering organisations to effectively mitigate high-visibility DDoS attacks such as those observed over the course of this attack campaign. Researcers at NETSCOUT report approximately 2,000 DDoS attacks targeting Japanese networks daily and while the recent attacks are impactful, they do not significantly impact the overall threat landscape of the region.

Conclusion

These events shpw how  the Russia-aligned threat actors NoName057(16) and the Russian Cyber Army Team coordinated their efforts in attacking Japanese entities in the logistics & manufacturing sectors, and governmental organisations.

While these  activities do not dramatically alter the overall threat landscape, as DDoS attacks continue to affect organisations globally, implementing robust detection and mitigation strategies remains crucial for maintaining digital availability.

Netscout   |   Russuan Federation Ministry of Foreign Affairs     |     Govinfo Security

You Might Also Read: 

Japan Will Use AI To Secure Critical Infrastructure:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Instagram Aims To Prevent Sextortion
The UK Needs To Reevaluate Its Cybersecurity Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

Pelion

Pelion

Pelion Connected Device Services are the easiest way to securely connect and manage your devices, allowing you to focus on forging your future.

MVP Tech

MVP Tech

MVP Tech designs and deploys next generation infrastructures where Security and Technology converge.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

Quantropi

Quantropi

Quantropi is bound to be the standard for quantum-secure data communications – forever unbreakable, no matter what.

Emtec

Emtec

Emtec’s cyber security team provides advisory, assessment, & managed security services that help you build the cyber security policies, toolsets & best practices to elevate your cyber security posture

CryptoDATA

CryptoDATA

CryptoDATA develops products and services based on Blockchain technology, that ensure user security and data encryption, applicable in various fields.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

HWG

HWG

HWG is a company specialized in providing cyber security solutions and consulting services.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.