The Japan Ground Self-Defense Force (JGSDF) has revealed that it used a USB memory stick infected with malware for nearly a year. The device was connected to military systems handling highly classified information, but internal security checks failed to detect the threat. Similar counterfeit USBs from China are also being sold online, raising concerns about potential civilian impacts.
The Nihon Keizai Shimbun (Nikkei) reported on June 26 that it obtained internal JGSDF documents confirming this information. According to the report, the Central Army Group of the JGSDF discovered the malware infection while investigating a slow computer in February 2025. The Central Army Group is based in Itami City, Hyogo Prefecture.
The internal investigation found that a total of six USBs were infected with the same malware. These devices were used on more than 50 of the approximately 480 PCs within the Central Army Group, with nearly half connected to a classified information system that is isolated from external networks.
The JGSDF's computer network is divided into a closed network that is disconnected from the internet and a work network that allows external access. Although these two networks are not connected, the frequent transfer of data necessitated the regular use of USB memory sticks, according to Nikkei. Ironically, the security structure designed to keep external threats out became a pathway for the infected USB to enter the system.
Analysis of the recovered USBs by the JGSDF's Cyber Defense Unit confirmed that the devices were counterfeit products from China. They contained low-cost microSD cards embedded with malware. While the PCs displayed a capacity of 1 terabyte, the actual storage was only 240 gigabytes.
Internal documents indicated that the problematic USB was recorded as having been delivered to the Central Army Group from Ishikawa Prefecture during a disaster response to the Noto Peninsula earthquake in January 2024. However, the procurement process remains unverified. Ishikawa Prefecture stated to Nikkei that it could not confirm any records of the USB's procurement or payment.
The JGSDF has protocols requiring virus scans when introducing USBs or connecting them to PCs. However, the security software on the PCs did not include USBs in its scanning targets, resulting in the malware going undetected for nearly a year. A JGSDF official told Nikkei that the reasons for the USBs being excluded from the scanning protocols remain unclear.
The malware in question has been identified in reports from U.S. security firms as being used by Chinese hacking groups in the past. Nikkei reported that the infected PCs could be exploited as a launchpad for cyberattacks or to extract information externally.
The distribution of similar USBs outside the JGSDF is also concerning. The Cyber Defense Unit noted in internal documents that the same type of counterfeit products from China appear to be widely available on e-commerce sites both domestically and internationally. An investigation by Nikkei into reviews on Amazon Japan and the U.S. found at least 25 reports of suspected infections since 2017. One consumer who purchased a Chinese brand product similar to the one found at the JGSDF reported, "The disguised memory stick has a virus; it's the worst."
The threat posed by infected USBs is not limited to the military. Facilities that use systems isolated from the internet, such as factories, laboratories, and hospitals, often transfer external data or software via USBs. An executive from a major Japanese electronics manufacturer told Nikkei, "The equipment in our factories and laboratories is outdated and lacks the latest security measures," adding that virus infections via USBs occur frequently.
Nikkei pointed to lax security management in China's production outsourcing networks as a backdrop for the distribution of infected USBs. An executive from a manufacturer of embedded hardware for factories stated, "It is often the case that the outsourcing company in China is the source of the infection," and added that the possibility of deliberate contamination cannot be ruled out.
The JGSDF's Public Relations Office acknowledged the use of infected USBs to Nikkei but stated, "There was no impact on the system." However, it also noted that the failure to adhere to virus scanning protocols is a problem and emphasized that thorough inspections are now being conducted.
The Japanese government is focusing on 'active cyber defense' to preemptively block cyberattacks. However, Nikkei reported that the JGSDF did not disclose this incident despite being aware that the problematic USBs were widely distributed throughout society.
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.

