The Japan Ground Self-Defense Force used six USB drives containing malicious code for nearly one year after the malware was first detected [1].

This security breach is significant because the malware is suspected to be the work of Chinese hackers, raising concerns that classified military information may have been compromised.

The incident occurred at the Central Army Surface Command in Itami, Hyogo Prefecture [1, 2]. According to reports, the malicious code was first discovered in February 2023 [1]. Despite this discovery, the infected devices remained in use for nearly a year [1].

Investigators found that six USB drives were infected [1]. These drives were connected to more than 50 computers [1] within a facility that houses a total of 480 PCs [1]. The breach allowed the malware to interact with systems that may have held sensitive data.

Security experts said the virus appears identical to malware used by Chinese hacking groups in previous cyberattacks [1, 2]. This similarity suggests a targeted effort to infiltrate Japanese military networks through physical hardware.

Government officials said the overall impact on the system was limited. However, the duration of the exposure and the number of affected machines highlight a failure in internal security protocols regarding the handling of external storage devices [1].

This incident underscores a critical vulnerability in 'air-gapped' or secure military networks where physical media remains a primary attack vector. The fact that the malware persisted for a year after initial detection suggests a breakdown in the chain of command or a failure in the remediation process, potentially granting foreign intelligence agencies a long-term window to exfiltrate data.