Key takeaways
Malware Infection: Fake USB sticks delivered to Japan’s Ground Self-Defense Force in March 2024 carried a China-linked virus, infecting computers as soon as the drives were inserted. Detection occurred nearly a year later in February 2025.
Security Breach: Despite safeguards like scanning external drives, more than 50 computers were exposed, with nearly half handling classified data, including unit movements.
Cyber Espionage Context: The attack reflects a broader trend of pre-positioned malware by China-linked hackers targeting military and critical infrastructure systems, capable of stealing data or disabling computers during crises.
Fake USB sticks used by the Japanese army spread a China-linked computer virus inside a secure network for nearly a year before they were found to contain malware, Japan’s Nikkei newspaper reported on Thursday.
The flash drives were delivered to Japan’s Ground Self-Defense Force during disaster relief operations in March 2024 following an earthquake in central Japan, the paper said, citing internal army documents. The infection was not discovered until February 2025, when a Japanese soldier in Itami, near Osaka, reported that a computer was operating slowly.
A scan revealed that it had been infected by a virus carried on a compromised flash drive previously linked to a Chinese hacker group, the Nikkei said. The malware infects the computer as soon as the USB drive is inserted.