Pro-Russian Threat Actors Launch Coordinated DDoS Attacks Against Japanese Organizations
Japan has become the latest target of pro-Russian hacktivists following the countryâs move towards increased military cooperation with the US. According to a new report from cybersecurity researcher Marcin Nawrocki at NETSCOUT, two prominent pro-Russian threat actors, NoName057(16) and the Russian Cyber Army Team, launched a coordinated DDoS attack campaign against Japanese organizations on October 14th, 2024.
This offensive comes in the wake of âJapanâs call for increased participation in US-led military alliances,â as stated in the report. The attacks appear to be a direct response to an interview published by the Ministry of Foreign Affairs of the Russian Federation (MID) on October 11th, 2024, expressing concerns over Japanâs ârising defense budget, development of pre-emptive strike capabilities, and involvement in US-led military exercises and joint ballistic missile-defense research and cooperation.â
The DDoS attacks have primarily targeted organizations in the logistics and manufacturing sectors, with a particular focus on harbors and shipbuilding. Government, political, and social organizations have also been hit, including the political party of Japanâs newly elected prime minister. The report suggests that these high-profile targets were chosen to âgenerate significant publicity.â
Nawrockiâs analysis reveals a sophisticated and multi-faceted attack strategy. âNoName057(16) is pushing the limits of its DDoSia botnetâs capabilities, employing a wide range of direct-path attack vectors against multiple targets,â the report states. These vectors include various types of TCP packet-flooding, with TCP SYN-floods being the most common, as well as HTTP-based attacks.
Most common vectors for NoName057(16) attacks on Japan. | Image: NETSCOUT
Interestingly, the report notes a pattern in the timing of the attacks. âAll new C2 server updates occurring between 07:00 and 13:00 UTC (16:00 to 22:00 in Japan, UTC+9), which corresponds to typical working hours for the presumably Russian group.â
While these attacks are impactful, NETSCOUT assures that they havenât significantly disrupted the overall threat landscape in the region. âNETSCOUT observes approximately 2,000 DDoS attacks targeting Japanese networks daily,â the report explains.
However, the incident serves as a stark reminder of the growing use of cyber warfare tactics in geopolitical conflicts. As the report concludes, âas DDoS attacks continue to affect organizations globally, implementing robust detection and mitigation strategies remains crucial for maintaining digital availability.â
