TL;DR
A Nikkei investigation reports that Japan’s Self-Defense Forces used USB drives infected with a virus linked to Chinese hackers for almost a year. The Defense Forces did not disclose this, despite widespread availability of similar drives online. The incident raises cybersecurity and national security concerns.
Japan’s Self-Defense Forces used USB drives infected with a virus linked to Chinese hackers on computers with access to classified information for nearly a year, and did not disclose this breach despite the widespread availability of similar infected drives online, a Nikkei investigation has found.
The investigation reveals that the Ground Self-Defense Force employed USB memory sticks containing malicious software from mid-2025 until mid-2026. These drives, which were used on computers handling sensitive data, were infected with a virus believed to be connected to Chinese cyber espionage efforts. The Defense Forces reportedly chose not to disclose the incident, even as similar USB drives became readily accessible on commercial platforms.
According to Nikkei Asia, the infected drives were used primarily for data transfer and storage within secure military networks. The virus was detected after cybersecurity analysts identified unusual activity in the systems, prompting an internal review. The Defense Ministry has yet to publicly confirm the full scope of the incident or whether any classified information was compromised.
Sources familiar with the investigation indicate that the Defense Forces’ decision not to disclose the breach was driven by concerns over national security and operational integrity, but this has raised questions about transparency and cybersecurity protocols within Japan’s military institutions.
Implications for Japan’s Cybersecurity and National Security
This incident underscores vulnerabilities within Japan’s defense cybersecurity framework, especially regarding the use of external devices like USB drives. The potential infiltration by a Chinese-linked virus raises fears of espionage and data breaches that could compromise military operations. It also highlights the risks of using commercially available infected hardware in sensitive government and military contexts, prompting calls for stricter cybersecurity measures and oversight.

SANDISK 128GB Ultra Flair USB 3.0 Flash Drive, SDCZ73-128G-G46, Black
High-speed USB 3.0 performance of up to 150MB/s(1) [(1) Write to drive up to 15x faster than standard…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background on Cybersecurity Incidents in Japan’s Defense Sector
Japan has faced increasing cybersecurity threats linked to China and other nations over recent years. Previous incidents include data breaches and attempted cyber espionage targeting government agencies. The use of infected removable media has been a known vector for cyberattacks globally, but this is one of the first confirmed cases involving Japan’s Self-Defense Forces deliberately using compromised USB drives for nearly a year without public disclosure.
The incident comes amid broader concerns over cybersecurity preparedness and transparency within Japan’s defense establishment, which has historically been cautious about revealing vulnerabilities to avoid geopolitical repercussions.
“The use of infected USB drives in a defense environment is a serious breach of cybersecurity protocols, especially when linked to a foreign government. It indicates a significant vulnerability that needs urgent attention.”
— an anonymous cybersecurity expert

Integral 4GB Crypto-197 256-Bit 3.0 USB Flash Drive Encrypted – FIPS 197 Certified, Brute Force Password Attack Protection & Waterproof Double Layer Design
Certified to FIPS 197 – U.S. Government Approved High Level Information Security Standard.
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Unresolved Questions About Scope and Impact
It remains unclear whether any classified information was actually accessed or stolen through this incident. The full extent of the malware’s infiltration and whether other units used similar infected drives are still under investigation. Japan’s Defense Ministry has not provided detailed disclosures, and it is uncertain if further breaches have been uncovered.

Kingston Ironkey Locker+ 50 G2 32GB Encrypted USB Drive | FIPS 197 | AES-XTS Protection | Multi-Password Security | USB 3.2 Gen 1 | IKLP50G2/32GB
XTS-AES 256-bit hardware-encryption
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Next Steps in Japan’s Cybersecurity Response
Japan’s Defense Ministry is expected to conduct a comprehensive review of cybersecurity protocols and hardware usage within the Self-Defense Forces. Authorities may also implement stricter controls on external devices and increase transparency about cybersecurity incidents. An official statement or update is anticipated in the coming weeks as investigations progress.

BUISAMG Data Blocker, 4-in-1 Universal USB Data Blocker, Protection from Illegal Downloading, Hacking Proof Guaranteed, for iPhone 17 16 15 and Any USB Device Charging. 2-Pack
✅【4-in-1 Data Blocker】 We have combined the USB-A to USB-C and USB-A to USB-A, USB-C to USB-A, USB-C…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
How did the virus infect the USB drives used by Japan’s Self-Defense Forces?
The virus is believed to have been embedded in the USB drives, which were commercially available and widely accessible online, making it possible for the drives to be infected before use.
Did any classified information get compromised?
It is not yet confirmed whether sensitive data was accessed or stolen. The investigation is ongoing, and authorities have not disclosed specific details about data breaches.
Why did Japan’s Defense Forces not disclose this incident earlier?
Sources indicate that concerns over national security and operational integrity influenced the decision to withhold disclosure, though this has raised questions about transparency.
Could this happen again?
While reforms are likely underway, the incident highlights the ongoing vulnerability of defense systems to supply chain and hardware security risks, emphasizing the need for improved safeguards.
Source: Nikkei Asia