Security News > 2024 > July > Japanese space agency spotted zero-day attacks while cleaning up raid on M365

The Japanese Space Exploration Agency discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems.
Then there's the mention of zero-day attacks in the last sentence of a section about countermeasures like closer network monitoring and improve remote access security the agency adopted.
The 2023 breach did provide the attackers with some information hosted in JAXA's MS365 service, including personal information.
The space agency also dismissed potential impact on cooperation with domestic and international partners from the attack.
Because the attacker used multiple unknown strains of malware, it was difficult to detect the unauthorized access, explained JAXA. Initial entry to JAXA's internal servers and computers was likely gained by exploiting a VPN vulnerability.
The attacker then expanded its unauthorized access and compromised the space agency's user account information.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/07/11/jaxa_m365_zeroday_attacks/
Related news
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- SAP fixes suspected Netweaver zero-day exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)