Japanese law enforcement says a group of hackers known as Tick has links to the Chinese military. According to the Japanese police, the Chinese military is behind a broad cyber-espionage campaign in which attackers breached over 200 Japanese companies and organizations since at least 2016.
This marks the first time that anyone has linked the Tick APT group to China’s military.
Multiple Japanese media outlets, such as Yomiuri Shimbun, Nikkei, NHK, and The Mainichi, reported yesterday that Tokyo police had identified a 30-year-old Chinese national and a Chinese student who have allegedly been assisting Tick in its attacks. Between 2016 and 2017, the suspects used fake IDs to register web servers. The suspects have fled Japan following the interrogations by Tokyo police.
The Chinese hacker group Tick later used the servers to launch attacks against Japanese companies and research institutes in the aviation and defense sectors. Japanese investigators named only one victim, the Japan Aerospace Exploration Agency (JAXA), which is Japan’s main space exploration organization.
According to the local media, the Chinese People’s Liberation Army (PLA) Unit 61419 from the eastern Chinese city of Qingdao was operating the Tick APT.
However, threat analysts for Recorded Future’s Insikt Group say the attribution was most likely based on older Chinese military intelligence collected before restructurings in the mid-2010s. Still, Insikt Group researchers said the Tick group has been suspected of operating on behalf of the Chinese military for a while now.
“The group has maintained a very tight regional focus on defense and military targets within the Korean peninsula and Japan, which aligns with the suspected operational tasking of Unit 61419 prior to the restructuring of the PLA,” the Insikt Group researchers believe.