\n<\/p>\n
\t\t\t<\/p>\n<\/div>\n<\/div>\n
Japan Aerospace Exploration Agency<\/p>\n
\t\t\t<\/div>\n
\n \u2003The Japan Aerospace Exploration Agency (JAXA) reports the status of its response to the compromised
\n information caused by unauthorized access last year.\n <\/p>\n<\/div>\n
\n \u2003In October last year, based on a notification from an external organization, JAXA recognized unauthorized
\n access to internal servers on the JAXA’s network (hereinafter referred to as “the incident”). While JAXA immediately
\n took initial measures, such as blocking all malicious communication, we also launched the investigation in
\n cooperation with expert organizations and security vendors to understand the incident, developed countermeasures,
\n and implemented them.\n <\/p>\n<\/div>\n
\n \u2003The attachment provides an overview of the incident. JAXA confirmed that some of the information we manage
\n (related to activities with external organizations and personal information) was compromised.\n <\/p>\n<\/div>\n
\n \u2003We sincerely apologize for any inconvenience to those affected by this incident.\n <\/p>\n<\/div>\n
\n \u2003While we cannot disclose the details of information that was compromised due to the nature of our relationship
\n with third parties, we apologized and notified the affected individuals and partners. As of now, JAXA has not
\n received any reports of significant disruption to the activities of those involved. We sincerely regret any
\n inconvenience this incident may have caused.
\u2003Although JAXA does not see the severe impact on our activities, including cooperation with domestic and
\n international partners, by the incident, we take it very seriously as a matter that could potentially harm
\n relationships of trust, and we will strengthen our measures to prevent a recurrence.\n <\/p>\n<\/div>\n
\n \u2003Although a few instances of unauthorized access occurred in 2024, JAXA confirmed that they did not involve any
\n compromise of information. Those unauthorized access, including the incident last year, targeted VPN devices.\n <\/p>\n<\/div>\n
\n \u2003JAXA has already implemented short-term measures, such as establishing a system to promptly respond to
\n vulnerabilities, and developed permanent measures to further enhance security. We are currently materializing these
\n permanent measures and will continue to strengthen our information security measures in the future.\n <\/p>\n<\/div>\n
\n 1. JAXA’s Response \n 2. Scope of Compromise \n 3. Compromised Information \n 4. Countermeasures \n 5. Future Efforts \n For inquiries regarding personal information, please contact the following:\n <\/p>\n \n Security and Information Systems Department \t\t<\/div>\n
\n \u2003Based on a notification from external organizations, JAXA immediately took initial actions, such as blocking
\n all malicious communications and disconnecting all the compromised servers and computers from the JAXA network.
\n Then, we engaged a security vendor to investigate the signs of the compromise and analyze all the compromised
\n servers and computers. We discovered malwares and removed them, as well as implemented emergency measures to
\n mitigate potential risks, including enhancing the monitoring of internal communications.
\u2003In addition, since we found the possibility of unauthorized access to Microsoft 365 (“MS365”) during the
\n investigation, a specialized team from the Microsoft corporation investigated and confirmed that no further
\n breaches had occurred.
\u2003Throughout the implementation of these measures, JAXA has been working closely with external organizations.
\n This includes cooperation with the police, the JPCERT Coordination Center, the Information-technology Promotion
\n Agency (IPA), and other expert organizations. We have been actively reporting and sharing information with them,
\n including unauthorized communication destinations and malwares.
\n <\/span>\n <\/p>\n<\/div>\n
\n \u2003JAXA identified the scope of compromise based on the initial investigation, the investigation by the
\n security vendor and Microsoft, and the analysis by JAXA. In addition, we confirmed that the attacker used multiple
\n unknown malwares, making it difficult to detect the unauthorized access.
\n <\/span>\n <\/p>\n\n
\n the attacker likely exploited a vulnerability in a VPN device to gain the initial access to JAXA’s internal
\n servers and computers. It is highly likely that the previously announced vulnerability was exploited.<\/span>\n <\/li>\n
\n the attacker further expanded the scope of unauthorized access and compromised JAXA’s user account
\n information.<\/span>\n <\/li>\n
\n the attacker illegally accessed JAXA’s MS365 services with the account information it obtained.<\/span>\n <\/li>\n<\/ol>\n<\/div>\n
\n \u2003As a result of the incident, some information (including personal information of JAXA employees, etc.)
\n stored on the compromised JAXA servers and computers may have been breached. In addition, we confirmed that some
\n of the information managed on JAXA’s MS365 service (related to activities with external organizations and personal
\n information) were compromised. We have already explained and apologized to those affected. The information systems
\n and networks compromised in this incident do not handle sensitive information related to launch vehicles and
\n satellite operations.
\n <\/span>\n <\/p>\n<\/div>\n
\n \u2003In response to this incident, we implemented short-term measures, such as establishing an operation to
\n respond to vulnerabilities promptly and strengthening the monitoring of internal communication. In addition, JAXA
\n developed permanent measures to further enhance security, such as enhancing monitoring of the entire network and
\n endpoints, improving remote access methods, increasing the efficiency and visibility of operational management,
\n and enhancing anti-spoofing measures. We are currently in the process of materializing these permanent
\n measures.
\u2003In the course of taking the above measures and strengthening monitoring, we have detected and responded to
\n multiple unauthorized accesses to JAXA’s network since January of this year (including zero-day attacks), though
\n no information was compromised.
\n <\/span>\n <\/p>\n<\/div>\n
\n \u2003As cyber-attacks become increasingly sophisticated and countermeasures constantly evolve, JAXA is firmly
\n aware of the need for prompt and appropriate security responses and plans to steadily implement short-term and
\n permanent measures in response to this incident. JAXA will further strengthen information security in cooperation
\n with related organizations, including expert organizations.
\n <\/span>\n <\/p>\n<\/div>\n
Japan Aerospace Exploration Agency (JAXA)
Address: 2-1-1 Sengen, Tsukuba-shi, Ibaraki 305-8505
Email: sec-personal-info[a]ml.jaxa.jp \uff08please replace [a] with @\uff09\n <\/p>\n<\/p><\/div>\n<\/div>\n