JAXA has not said who the attackers were, but most cybersecurity observers are pointing the finger at state actors working for China.

“The fact that a space agency was targeted with a sophisticated complex attack indicates a state actor with goals to compromise data, not just gather intelligence or send a political message, with the lead suspect being a China affiliated cyber security private company of some sort,” said Irina Tsukerman, a geopolitical analyst and the president of Scarab Rising, a global strategy advisory firm. “Such an attack is likely the work of either a state-backed independent hacker, possibly part of an intelligence gathering gang, whose methods could potentially be analyzed and compared to prior such attacks, or it could be attributed to a private cybersecurity company, most likely affiliated with China, in which case prior incidents could be harder to detect. The most interesting detail was the description of the attack and the fact that the attacker used several different types of malware and nevertheless went undetected.

GootLoader malware evolves with new versions, using SEO poisoning and disguised payloads to compromise systems.

Discover Zergeca, a new sophisticated botnet capable of DDoS attacks and more. Learn about its features, targets, and potential impact on cybersecurit.

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.

Cybersecurity firm Sygnia, who reported the incidents to Cisco, linked the attacks to a Chinese state-sponsored threat actor it tracks as Velvet Ant.

“Sygnia detected this exploitation during a larger forensic investigation into the China-nexus cyberespionage group we are tracking as Velvet Ant,” Amnon Kushnir, Director of Incident Response at Sygnia, told BleepingComputer.

An interesting way of punishment.