Cyber Incident Victim: Government of Japan

On or around September 6, 2022, multiple Japanese government websites experienced disruptions attributed to cyber-attacks. The Russia-affiliated hacking group Killnet claimed responsibility for targeting Japanese companies and approximately 20 websites across four government ministries. Japan’s Chief Cabinet Secretary Hirokazu Matsuno confirmed the government was investigating whether a denial-of-service (DDoS) attack caused accessibility issues. The country’s digital agency separately reported login problems affecting some services on its e-Gov administrative portal on September 7, though it did not explicitly link these issues to the attacks. Government websites became inaccessible on Tuesday evening but were restored within the same day. Matsuno acknowledged Killnet’s claim of involvement but emphasized investigations into the failures were ongoing, including verifying the group’s role. No data breaches or permanent damage to systems were reported.

Threat intelligence analysts attributed the attacks to Killnet’s pattern of targeting nations supporting Ukraine during the Russia-Ukraine conflict, with Japan’s stance on Ukraine and historical disputes over the Kuril Islands cited as potential motives. Check Point’s Sergey Shykevich characterized the incidents as disruptive DDoS attacks intended to inconvenience government operations and citizens rather than cause permanent infrastructure damage. The attacks aligned with Killnet’s established tactics of combining DDoS disruptions with data theft operations, as previously observed in similar incidents affecting Italy, Lithuania, Estonia, Poland, and Norway. Japanese authorities implemented restoration procedures promptly but did not disclose specific technical countermeasures. No additional collateral impacts on private sector entities or critical infrastructure were documented in the immediate aftermath.