Cyber Incident Victim: Liberal Democratic Party
Date:
Oct 2024
Location:
Japan
Summary
Japan's ruling Liberal Democratic Party experienced a temporary website disruption due to a distributed denial-of-service attack coinciding with the launch of its general election campaign. Pro-Russian threat actors NoName057(16) and Cyber Army of Russia claimed responsibility, citing retaliation against planned Japan-U.S. military exercises near Russian borders, while also targeting other government entities, shipbuilding firms, and financial institutions—some confirmed offline by local media. The attackers characterized the operation as punishment against "Russophobic" policies, aligning with patterns of election-related disruptions in nations opposed by the Kremlin. Japanese authorities condemned attempts to undermine electoral integrity and implemented security measures while investigating the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On October 1, 2024, Japan’s ruling Liberal Democratic Party (LDP) reported a distributed denial-of-service (DDoS) attack that temporarily disrupted its website on Tuesday, coinciding with the start of the country’s 12-day general election campaign for the House of Representatives. The attack occurred as election activities commenced, a critical period in Japan’s parliamentary process. Deputy Chief Cabinet Secretary Kazuhiko Aoki confirmed during a Thursday press conference that national cyber agencies had deployed security measures and launched an investigation into the incident. Local media reported simultaneous DDoS attacks against other Japanese state entities, including local government websites, some of which were forced offline. Pro-Russian threat actors NoName057(16) and the Cyber Army of Russia publicly claimed responsibility for targeting the LDP and other organizations, citing retaliation against planned large-scale joint military exercises between Japan and the U.S. scheduled for later that month in regions near Russia’s border. The hackers characterized Japan as “Russophobic” and warned that “any actions against Russia can end badly,” explicitly linking the cyber campaign to geopolitical tensions. They also asserted attacks against Japanese shipbuilding companies, legal counseling agencies, and financial and state services, with local media verifying disruptions to some of these institutions.
The incident exemplified a pattern of pro-Russian hacktivist groups leveraging DDoS attacks to generate media attention and disrupt services in nations perceived as adversarial to Kremlin interests, particularly during electoral periods. In September 2024, NoName057(16) had similarly targeted Austrian websites ahead of that country’s general election. The LDP attack caused temporary website inaccessibility but did not compromise internal party systems or data. Deputy Secretary Aoki condemned actions threatening electoral integrity, stating such interference “will never be tolerated by any organization, group, or individual in Japan.” Cybersecurity analysts noted the attackers’ focus on superficial disruption rather than persistent intrusion, consistent with their historical tactics. The Japanese government’s response emphasized containment through existing cyber defenses while continuing to assess the full scope of impacted entities. No further technical details regarding attack vectors, traffic volumes, or duration of outages were disclosed publicly.