Security News

Asia In Brief Japan's government last Friday rebuked Fujitsu for shabby cloud security. Fujitsu operates a cloud called "FENICS" and in February 2023 admitted that in December 2022 it had detected network misconfigurations that allowed unauthorized remote access to the service.

Fujitsu Japan is in the spotlight again for all the wrong reasons, after fumbling its attempt to fix the nation's troubled ID card scheme. One use of the cards is to arrange for administrative documents to be printed at convenience stores or government offices.

Japanese prime minister Fumio Kishida has ordered an emergency review of the nation's ID Cards, amid revelations of glitches and data leaks that threaten the government's digital services push. Japanese media reports that people with similar names are receiving cards intended for other people, while some recipients found the card links to records describing someone else.

Linux routers in Japan are the target of a new Golang remote access trojan called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center said in a report published today. The compromise of an internet-exposed router is followed by the deployment of a loader script that acts as a conduit for delivering GobRAT, which, when launched, masquerades as the Apache daemon process to evade detection.

Japan's minister for digital transformation and digital reform, Tono Karo, has apologized after a government app breached citizens' privacy. Fujitsu Japan developed and operates the service, which preps PDF files in response to user requests and then despatches them to printers in convenience stores.

According to Mandiant, who has tracked APT43 since 2018, the threat actor aligns with the mission of the Reconnaissance General Bureau, the main foreign intelligence service from North Korea. In particular, malware and tools have been shared between APT43 and the infamous Lazarus threat actor.

A Monday post from FTX Japan states the outfit plans to allow withdrawals from an unspecified moment in February, through the Liquid web site. In 2022 Japan again passed crypto-related laws as it sought to deal with stablecoins and the rise of NFTs. The result of all that lawmaking is that crypto exchanges in Japan are required to register with the Financial Services Agency, demonstrate they can comply with anti-money-laundering laws and similar regulations, set aside capital reserves, and separate customer and exchange assets.

Japan is also revising its cyber security strategy according to Nikkei. Japan's Aerospace Exploration Agency announced last week it has started conceptualizing a satellite refueling service with private Japanese orbital debris removal company, Astroscale.

The United Kingdom, Japan and Italy will pool resources to build a sixth-generation warplane scheduled to be ready for deployment by 2035, with capabilities understood to include AI to rival never-before-seen tech on fighter jets built by China and Russia, although this wasn't stated explicitly. The "Sharing the costs" bit will be important to the UK, which hasn't built a fighter jet alone for quite some time.

Japan's Ministry of Defence announced on Friday that it has formally joined NATO's Cooperative Cyber Defense Centre of Excellence. The CCDCOE is recognized as an international military organization and cyber defence hub focusing on research, training and exercises, like its yearly red team versus blue team cyber war game, Locked Shields.