Cyber Incident Victim: Hiroshima City Municipal Government
Date:
Feb 2022
Location:
Japan
Summary
A cloud service provider hosting websites for Hiroshima Prefecture and all 23 of its municipalities suffered repeated distributed denial-of-service (DDoS) attacks, causing intermittent accessibility issues for the affected sites. The attacks involved overwhelming the system with data traffic at 30- to 60-minute intervals, disrupting public access when overlapping with user attempts. While the external cloud infrastructure—used as a common access point—experienced operational impacts, authorities confirmed no data compromise occurred since it wasn't linked to servers handling confidential information. The incident was reported to local police for investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 18, 2022, Hiroshima Prefecture announced that external cloud services supporting its official website and those of all 23 municipalities within the prefecture had been subjected to a cyberattack, causing intermittent accessibility issues since February 16. The attack targeted the shared cloud infrastructure serving as the connectivity hub for these websites, though officials confirmed the cloud environment operated separately from servers handling confidential data, with no evidence of information leakage. According to the prefecture’s investigation, the incident involved distributed denial-of-service (DDoS) attacks designed to overwhelm systems by flooding them with excessive data traffic. The cloud service management provider first detected the attack at 9:17 AM on February 16, observing repeated assault waves at 30- to 60-minute intervals thereafter. During periods when attack traffic coincided with user access attempts, website responsiveness degraded significantly, impairing public access to municipal and prefectural online resources.
The sustained DDoS campaign affected all jurisdictions relying on the shared cloud platform, creating uniform disruptions across Hiroshima Prefecture and its 23 cities and towns. While the attack methodology did not compromise sensitive systems or data, it disrupted routine access to public information portals. Hiroshima Prefecture engaged law enforcement by reporting the incident to police for further investigation, though attribution details and attacker motives remained undisclosed. Officials maintained transparency about the operational separation between the targeted cloud services and secured internal networks throughout the incident. No additional technical countermeasures or forensic findings were disclosed beyond the confirmation of DDoS patterns and the absence of data exfiltration. The intermittent disruptions represented the primary operational impact, with restoration efforts likely coordinated through the cloud service provider.