TL;DR
Japan’s Self-Defense Forces used USB drives infected with a China-linked virus for almost a year. The incident was not disclosed publicly, raising questions about cybersecurity transparency and risks.
Japan’s Ground Self-Defense Force used USB drives infected with a virus linked to Chinese hackers on computers with access to classified information for nearly a year, according to a Nikkei investigation. The military did not disclose the incident despite the widespread availability of similar infected drives online, raising concerns over cybersecurity and transparency.
The investigation revealed that the Ground Self-Defense Force employed USB drives believed to contain malware associated with Chinese cyber espionage groups. These drives were used on sensitive computers from mid-2025 until mid-2026. Despite the potential security breach, officials reportedly chose not to disclose the incident, citing operational confidentiality.
The virus was identified by cybersecurity experts as part of a known Chinese hacking toolkit, though the military has not officially confirmed the infection’s origin or scope. The infected USB drives were reportedly obtained from online marketplaces where such malicious devices are readily available.
Sources familiar with the matter told Nikkei that the military became aware of the infection only after an internal security review prompted by unusual network activity. The Defense Ministry declined to comment on specific security measures or the extent of the breach but acknowledged ongoing investigations into the incident.
Security Risks and National Defense Implications
This incident underscores vulnerabilities in Japan’s cybersecurity defenses, especially within its defense forces. The use of infected USB drives on classified systems highlights potential gaps in supply chain security and operational procedures. It raises concerns about the possibility of espionage or data theft by foreign actors, particularly China, which is known for cyber espionage activities. The lack of transparency also fuels debates over information security management within Japan’s military institutions.

Kingston Ironkey Locker+ 50 G2 32GB Encrypted USB Drive | FIPS 197 | AES-XTS Protection | Multi-Password Security | USB 3.2 Gen 1 | IKLP50G2/32GB
XTS-AES 256-bit hardware-encryption
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background of Cybersecurity Incidents in Japan’s Defense Sector
Japan has faced increasing cybersecurity challenges over recent years, with several high-profile breaches reported in government and corporate sectors. The use of malicious USB drives linked to foreign hacking groups has been a recurring threat globally. This incident marks a rare disclosure of a security lapse involving Japan’s Self-Defense Forces, which have historically maintained strict confidentiality around their cybersecurity measures. Prior to this, Japan has taken steps to bolster its cyber defenses, but the incident reveals ongoing vulnerabilities.
“The use of infected USB drives with links to Chinese hacking groups on sensitive military systems is a serious breach that could have compromised national security.”
— an anonymous cybersecurity expert

Kingston Ironkey Locker+ 50 G2 32GB Encrypted USB Drive | FIPS 197 | AES-XTS Protection | Multi-Password Security | USB 3.2 Gen 1 | IKLP50G2/32GB
XTS-AES 256-bit hardware-encryption
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Extent of Data Compromise and Official Acknowledgment
It is not yet clear how widespread the infection was within the defense systems or whether any classified information was accessed or stolen. The Defense Ministry has not publicly confirmed the scope of the breach or the specific malware involved. Details about the origin of the infected USB drives and the full timeline remain undisclosed, and investigations are ongoing.

EZITSOL 64GB Write Protect USB Flash Drive with Physical Switch,Write Blocker Protection,64GB exFat USB3.0 High Speed up to 150MB/S,MLC Jump Drive Pendrive Thumb Drive Memory Stick
SuperSpeed: A super-fast 64GB USB3.0 USB drive with read speed up to 150MB/S and write speed up to…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Upcoming Security Reviews and Policy Revisions
Japan’s Defense Ministry is expected to conduct a comprehensive review of its cybersecurity policies and supply chain security measures. Further disclosures may follow as investigations progress, and officials may implement stricter controls on the use of external storage devices within military networks. The incident is likely to prompt increased scrutiny of cybersecurity practices across Japan’s defense establishments.

Kali Linux Bootable USB for Ethical Hacking & Cybersecurity
Dual USB-A & USB-C Bootable Drive – works on almost any desktop or laptop (Legacy BIOS & UEFI)….
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
How did the USB drives become infected?
According to the investigation, the USB drives were obtained from online marketplaces where malicious devices are sold. The infection is believed to be linked to Chinese hacking groups, though official confirmation has not been provided.
Did any classified information get compromised?
It is currently unclear whether any classified data was accessed or stolen. The scope of the breach is still under investigation by Japanese authorities.
Why was this incident not disclosed earlier?
Officials cited operational security concerns and the sensitivity of ongoing investigations as reasons for the delay in disclosure. They have now begun to address the issue publicly.
What measures are Japan taking to prevent similar incidents?
The Defense Ministry is reviewing its cybersecurity protocols, including stricter controls on external devices and enhanced monitoring of network activity, to prevent future breaches.
Could this incident affect Japan’s international relations?
Potentially. If the breach is confirmed to be linked to Chinese cyber activities, it could influence diplomatic discussions around cybersecurity and defense cooperation.
Source: Nikkei Asia