Counterfeit USB Drives Spread China-Linked Virus in Japan’s Military

 

Counterfeit USB flash drives supplied to Japan’s Ground Self-Defense Force (JGSDF) in March 2024 spread a China-linked computer virus across secure military networks for nearly a year before the breach was finally detected. The incident, first reported by Japan’s Nikkei newspaper in June 2026, highlights how seemingly innocuous hardware can compromise even tightly controlled, air-gapped systems when supply-chain oversight and procurement protocols are insufficient. 

The infected drives were distributed to the JGSDF during earthquake relief operations in central Japan and were assumed to be legitimate, low-cost storage devices. An internal review later determined that six of eight USB sticks tested contained embedded malware that activated automatically upon insertion into a computer. Despite existing protocols that required scanning of external drives both upon receipt and during use, the infection remained undetected until February 2025, when a soldier in Itami, near Osaka, noticed unusually sluggish computer performance and initiated a diagnostic scan.

By that time, more than 50 of roughly 480 computers at the regional command had connected to the compromised drives, with nearly half of them handling classified information such as troop movements and operational plans. Forensic analysis by the JGSDF’s cyber defense unit revealed that the devices were counterfeit, using cheaper, slower microSD cards instead of standard memory chips and preloaded with malicious code. 

Security researchers linked the malware to Mustang Panda, also known as Earth Preta or Camaro Dragon, a China-associated advanced persistent threat (APT) group previously observed targeting government, education, and telecommunications sectors in Vietnam and Australia. Japanese officials stated there was no confirmed evidence of data exfiltration or external command-and-control communication, but the episode demonstrated how supply-chain compromises can silently bridge isolated networks without triggering conventional defenses. 

The fallout extended well beyond the military, as identical counterfeit USB drives were found circulating on major e-commerce platforms such as Amazon and Rakuten, priced 30 to 50 percent below authentic brands and traced to seller accounts in China. Reports of similar infections emerged in Japanese factories, research laboratories, and hospitals—environments that rely on removable media to transfer data across segmented or legacy systems. Security experts warn that such attacks exploit the tension between operational necessity and security policy: while outright bans on USB drives are often impractical in critical infrastructure, trusting removable media without rigorous, purpose-built validation leaves sensitive systems exposed to persistent threats. 

The JGSDF incident underscores three enduring lessons for organizations and governments: verify hardware provenance through trusted suppliers, treat all removable media as untrusted until scanned by dedicated security tools, and assume air gaps are permeable wherever physical media can cross them. For cybersecurity professionals and content creators tracking evolving threats, this case illustrates that s

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: