Japan defense forces used USB drives with China-linked virus: Nikkei probe

TL;DR

A Nikkei investigation reports that Japan’s Self-Defense Forces used USB drives infected with a virus linked to Chinese hackers for almost a year. The Defense Forces did not disclose this, despite widespread availability of similar drives online. The incident raises cybersecurity and national security concerns.

Japan’s Self-Defense Forces used USB drives infected with a virus linked to Chinese hackers on computers with access to classified information for nearly a year, and did not disclose this breach despite the widespread availability of similar infected drives online, a Nikkei investigation has found.

The investigation reveals that the Ground Self-Defense Force employed USB memory sticks containing malicious software from mid-2025 until mid-2026. These drives, which were used on computers handling sensitive data, were infected with a virus believed to be connected to Chinese cyber espionage efforts. The Defense Forces reportedly chose not to disclose the incident, even as similar USB drives became readily accessible on commercial platforms.

According to Nikkei Asia, the infected drives were used primarily for data transfer and storage within secure military networks. The virus was detected after cybersecurity analysts identified unusual activity in the systems, prompting an internal review. The Defense Ministry has yet to publicly confirm the full scope of the incident or whether any classified information was compromised.

Sources familiar with the investigation indicate that the Defense Forces’ decision not to disclose the breach was driven by concerns over national security and operational integrity, but this has raised questions about transparency and cybersecurity protocols within Japan’s military institutions.

Implications for Japan’s Cybersecurity and National Security

This incident underscores vulnerabilities within Japan’s defense cybersecurity framework, especially regarding the use of external devices like USB drives. The potential infiltration by a Chinese-linked virus raises fears of espionage and data breaches that could compromise military operations. It also highlights the risks of using commercially available infected hardware in sensitive government and military contexts, prompting calls for stricter cybersecurity measures and oversight.

SANDISK 128GB Ultra Flair USB 3.0 Flash Drive, SDCZ73-128G-G46, Black

SANDISK 128GB Ultra Flair USB 3.0 Flash Drive, SDCZ73-128G-G46, Black

High-speed USB 3.0 performance of up to 150MB/s(1) [(1) Write to drive up to 15x faster than standard…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background on Cybersecurity Incidents in Japan’s Defense Sector

Japan has faced increasing cybersecurity threats linked to China and other nations over recent years. Previous incidents include data breaches and attempted cyber espionage targeting government agencies. The use of infected removable media has been a known vector for cyberattacks globally, but this is one of the first confirmed cases involving Japan’s Self-Defense Forces deliberately using compromised USB drives for nearly a year without public disclosure.

The incident comes amid broader concerns over cybersecurity preparedness and transparency within Japan’s defense establishment, which has historically been cautious about revealing vulnerabilities to avoid geopolitical repercussions.

“The use of infected USB drives in a defense environment is a serious breach of cybersecurity protocols, especially when linked to a foreign government. It indicates a significant vulnerability that needs urgent attention.”

— an anonymous cybersecurity expert

Integral 4GB Crypto-197 256-Bit 3.0 USB Flash Drive Encrypted - FIPS 197 Certified, Brute Force Password Attack Protection & Waterproof Double Layer Design

Integral 4GB Crypto-197 256-Bit 3.0 USB Flash Drive Encrypted – FIPS 197 Certified, Brute Force Password Attack Protection & Waterproof Double Layer Design

Certified to FIPS 197 – U.S. Government Approved High Level Information Security Standard.

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Unresolved Questions About Scope and Impact

It remains unclear whether any classified information was actually accessed or stolen through this incident. The full extent of the malware’s infiltration and whether other units used similar infected drives are still under investigation. Japan’s Defense Ministry has not provided detailed disclosures, and it is uncertain if further breaches have been uncovered.

Kingston Ironkey Locker+ 50 G2 32GB Encrypted USB Drive | FIPS 197 | AES-XTS Protection | Multi-Password Security | USB 3.2 Gen 1 | IKLP50G2/32GB

Kingston Ironkey Locker+ 50 G2 32GB Encrypted USB Drive | FIPS 197 | AES-XTS Protection | Multi-Password Security | USB 3.2 Gen 1 | IKLP50G2/32GB

XTS-AES 256-bit hardware-encryption

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Next Steps in Japan’s Cybersecurity Response

Japan’s Defense Ministry is expected to conduct a comprehensive review of cybersecurity protocols and hardware usage within the Self-Defense Forces. Authorities may also implement stricter controls on external devices and increase transparency about cybersecurity incidents. An official statement or update is anticipated in the coming weeks as investigations progress.

BUISAMG Data Blocker, 4-in-1 Universal USB Data Blocker, Protection from Illegal Downloading, Hacking Proof Guaranteed, for iPhone 17 16 15 and Any USB Device Charging. 2-Pack

BUISAMG Data Blocker, 4-in-1 Universal USB Data Blocker, Protection from Illegal Downloading, Hacking Proof Guaranteed, for iPhone 17 16 15 and Any USB Device Charging. 2-Pack

✅【4-in-1 Data Blocker】 We have combined the USB-A to USB-C and USB-A to USB-A, USB-C to USB-A, USB-C…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

How did the virus infect the USB drives used by Japan’s Self-Defense Forces?

The virus is believed to have been embedded in the USB drives, which were commercially available and widely accessible online, making it possible for the drives to be infected before use.

Did any classified information get compromised?

It is not yet confirmed whether sensitive data was accessed or stolen. The investigation is ongoing, and authorities have not disclosed specific details about data breaches.

Why did Japan’s Defense Forces not disclose this incident earlier?

Sources indicate that concerns over national security and operational integrity influenced the decision to withhold disclosure, though this has raised questions about transparency.

Could this happen again?

While reforms are likely underway, the incident highlights the ongoing vulnerability of defense systems to supply chain and hardware security risks, emphasizing the need for improved safeguards.

Source: Nikkei Asia


You May Also Like

Australian treasurer says alleged access of prime minister’s bank data ‘incredibly concerning’

Australian treasurer describes alleged access to prime minister’s bank data as ‘incredibly concerning,’ raising political and security questions.

Australia to double penalties for social media firms skirting U-16 ban

Australia announces plans to double fines and strengthen regulator powers against social media firms bypassing under-16 platform restrictions.

Software-Defined Warfare: How Ukraine’s Delta Turned the Battlefield Into a Shared, Real-Time Map

Ukraine’s Delta battlefield system fuses drones, satellites, sensors and reports into a live map, showing the power and risks of software-led war.

Chinese AI Matches Mythos in Cybersecurity, Report Says

A new report states that a Chinese AI system has demonstrated cybersecurity skills comparable to Mythos, a leading US cybersecurity AI, raising global security concerns.