Cyber Threat: Why Is Japan a Prime Target?

It is not only Godzilla that threatens Japan’s critical infrastructure. A report published by FutureMatters states that in February 2024, an organization in Japan faced an average of 1,003 cyberattacks per week. In addition, a study by the Teikoku Databank Research Institute shows that 32% of Japanese companies suffered a cyberattack between January and May 2025. Japan appears to have become a prime target for cybercriminals.

Despite its globally recognized expertise in the technology sector, Japan has long neglected cybersecurity. The year 2022 marked a turning point with the publication of the National Security Strategy, which explicitly called for strengthening cyber capabilities and recognized cybersecurity as a vital element of national security. Despite government efforts to encourage organizations to protect themselves, Japan still lags behind in cybersecurity. This weakness may partly explain the country’s vulnerability to cyberattacks, but it is only one of many factors that make the Land of the Rising Sun an attractive target for cybercriminals.

A Complex Geopolitical Context

Japan’s exposure to cybercrime is partly explained by geopolitical tensions in the Asia-Pacific, which also extend into cyberspace. First, this region is particularly shaped by the rivalry between China and the United States, with which Japan has been historically allied since 1945. China’s military and economic rise does not result in direct clashes but rather in a “peaceful” struggle through influence, investments, or technology (notably artificial intelligence and semiconductors).

In the Asia-Pacific region, tensions crystallize around three hot spots. The first is Taiwan, which China considers a territory that rightfully belongs to it. To achieve reunification, Beijing continues to increase military and diplomatic pressure. The South China Sea is the second hot spot, as China claims nearly the entire area, often at the expense of Vietnam, Malaysia, and the Philippines. Finally, North Korea is the third, with its nuclear and ballistic programs seen as a constant threat to regional and global security.

In this context, Japan, historically pacifist, is undergoing a shift in its defense policy to counter Chinese influence and the direct threat posed by North Korea. It seeks to strengthen its political and diplomatic role in the region but still faces the mistrust of neighbors scarred by the wounds of the 20th century. Japan is also playing an increasingly active role in defending multilateralism and advocating for a “free and open Indo-Pacific.”

Between Modernity and Vulnerabilities

Japan is today the world’s fourth-largest economy, with a GDP of $4.026 trillion. It is a major player in several critical sectors: automotive, robotics and automation, semiconductors, biotechnology, and more. Japan exports high value-added products. This expertise and capacity for innovation attract the interest of rival powers and make the country a prime target for industrial cyber-espionage.

Due to its geography, the Land of the Rising Sun is also heavily dependent on other powers, leading to high levels of imports. It has one of the lowest food self-sufficiency rates among developed countries, importing around 63% of its caloric intake. It also lacks the mineral and energy resources needed to power its industry. This dependency creates vulnerabilities and can exacerbate the consequences of a cyberattack.

Despite its technological prowess, many Japanese organizations still rely on outdated IT systems, making them particularly vulnerable to highly sophisticated attacks. Even though digital transformation is a government priority, further investments are required to achieve proper protection. Given Japan’s central role in the global supply chain, even a minor disruption can have global consequences, which may be the very goal of some cybercriminal groups.

Beyond technical considerations, some weaknesses are rooted in Japanese culture itself. The country is characterized by particularly high social trust, reflected in low crime rates, strong respect for rules, and daily practices such as the frequent return of lost objects. Organizations may therefore be less suspicious of external threats. This “relational trust,” which strengthens Japan’s social fabric, paradoxically becomes a weakness in cyberspace, as attackers can exploit it for malicious purposes.

Who Is Targeting Japan?

Japan is a prime target for cybercrime, with attacks carried out by state actors or state-backed cybercriminal groups. These operations are primarily driven by strategic and economic objectives. In 2018, 97% of cyberattacks targeting Japan originated from abroad, according to the NICT (National Institute of Communication and Information Technology).

In cyberspace, China poses a persistent threat to Japan, as highlighted in a report by Tagui Ichikawa published by the Center for Strategic and International Studies. Beijing conducts near-constant espionage to monitor military programs or obtain strategic information about political and economic decisions. It primarily targets aerospace, shipbuilding, telecommunications, semiconductors, and research sectors.

Numerous groups of suspected Chinese origin have attacked Japan. Among the most notable is Leviathan (also known as APT40), publicly identified by Japan’s Ministry of Foreign Affairs as likely linked to the Chinese state after carrying out espionage and data theft against Japanese companies and government agencies. Numbered Panda (or APT12) has also been recognized for targeting Japanese electronics manufacturers and telecom operators in espionage campaigns. Many Chinese cybercriminal groups run targeting campaigns against Japan, among other countries, with intelligence as their main motivation.

One of the most striking campaigns in recent memory was the 2023 cyberattack against JAXA, Japan’s space agency, allegedly carried out by MirrorFace (a subgroup of APT10). Hackers reportedly accessed the personal data of nearly 5,000 employees and more than 10,000 cloud-stored files. Strategic information on rockets, satellites, and defense operations was reportedly not compromised.

North Korea also poses a cyber threat to Japan. While Pyongyang’s attacks often aim to gather strategic data, unlike Beijing’s ambitions, they are also heavily motivated by financial gain. To fund regime activities and circumvent international sanctions, North Korea engages in cyber-heists, targeting banks, cryptocurrency platforms, and businesses to steal vast sums of money. Japan’s economic power makes it an obvious target. North Korean groups use less sophisticated techniques than China, relying heavily on social engineering, targeted phishing, and ransomware. Although underreported in Japan, the country has been one of the main victims of cryptocurrency thefts carried out by the Lazarus Group (also known as APT38), with proceeds amounting to billions of dollars.

Although not part of the Asia-Pacific region, Russian cybercriminal groups—sometimes backed by the Kremlin—also target Japan depending on the political agenda. Tokyo is a historic U.S. ally and an active G7 member, making it a target for Russian cyber operations. The territorial dispute over the Kuril Islands further fuels tensions in cyberspace, as Russia views cyberwarfare as an extension of traditional warfare. Moreover, Tokyo imposed economic sanctions on Moscow following the 2022 invasion of Ukraine, elevating its profile as a target and triggering increased cyberattacks by suspected Russian groups. Russian-origin groups target Japan with destabilizing DDoS attacks (such as Noname057(16)) and cyber-espionage (via groups like Sandworm) to gather intelligence on alliances and uncover weaknesses in infrastructure. Moscow seeks to undermine confidence in Japan’s digital capabilities, mainly targeting the energy, transportation, and major international events sectors (such as the 2023 Hiroshima G7 Summit).

Japan’s Response to Cybercrime

The Land of the Rising Sun has not said its last word against cyberattacks. Historically prohibited from carrying out offensive cyber operations, Japan adopted the Active Cyber Defense Bill in 2025, expected to take effect by 2027. This legislation will enable Japan to take proactive countermeasures, such as neutralizing foreign servers used to launch attacks. It marks a genuine doctrinal shift for the country.

Furthermore, during his February 2025 visit to Washington, Prime Minister Ishiba and President Trump announced that cyber would become a central pillar of the U.S.-Japan alliance. This translates into information sharing between the two countries and the use of AI to enhance resilience. The strengthened alliance is particularly evident in the fight against cybercrime, with recent examples including the Tokyo Forum organized to address the North Korean threat and Japan’s participation in an international coalition against cyber-espionage by Chinese tech companies.

Finally, 2025 also marks a turning point for Japan’s cybersecurity, as it is becoming embedded at the core of executive power. The NISC (National Center of Incident Readiness and Strategy for Cybersecurity) will be replaced by a new central authority chaired by the Prime Minister. A Cabinet Cybersecurity Officer, with vice-ministerial rank, will also be appointed. This decision should give greater weight to the fight against cybercrime and to improving the resilience of critical infrastructure.

The InCyber Forum Japan will take place in Tokyo on December 4, 2025. Register here to discover the Japanese ecosystem!