Japan NISC News

Japan Joins 10-Nation Advisory on China-Linked Covert Networks

Japan's National Cybersecurity Center co-signed the UK-led international advisory "Defending against China-linked covert networks of compromised devices" alongside nine other nations (Australia, Canada, Germany, Netherlands, New Zealand, Spain, Sweden, UK, US) on April 23, 2026. The advisory documents how China-linked threat actors Volt Typhoon and Flax Typhoon have shifted from individually procured infrastructure to large-scale botnets of compromised SOHO routers, IoT devices, and smart home devices, including the Raptor Train botnet spanning over 200,000 infected devices globally, and recommends layered defensive measures for organizations at all risk levels.

Warning: NISC Impersonation Scam Phone Calls Demanding Money

NISC (Japan's National Center of Incident Readiness and Strategy for Cybersecurity) has issued a public warning about an active phone scam in which fraudsters impersonate NISC and the National Cybersecurity Center (NCO), demanding money from individuals under false pretenses of cyberattack-related settlement fees, compensation, or insurance premiums. The scammers frequently rotate between posing as telephone companies, police, and lawyers to add credibility, and instruct victims not to discuss the calls with anyone. NISC explicitly states it never makes such telephone contact. The agency advises anyone receiving suspicious calls or who has been victimized to contact their nearest police station.

International Cyber Agencies Publish Joint Advisory on Defending Against China-Linked Covert Networks

The UK's NCSC alongside 15 international cyber agencies published a joint advisory on defending against China-linked covert networks, which are compromised device botnets (home routers, smart devices) used to disguise the origins of cyber attacks. The advisory, launched at CYBERUK 2026, includes mitigation advice and warns of 'IOC extinction' where indicators of compromise disappear quickly. Organizations are urged to use the free Cyber Action Toolkit, obtain Cyber Essentials certification, and implement the Cyber Assessment Framework. The advisory specifically calls out Integrity Technology Group, sanctioned by the UK in December 2025 for controlling a botnet used by Flax Typhoon threat actors.